com 


(n  Qwest’s  fresh  start  Struggling  carrier  boots  Extreme  Ethernet  Is  newly  standardized 

CEO  Nacchio,  left,  looks  to  Bell  veteran  for  answers.  PAGE  11.  10  Gigabit  Ethernet  technology  for  you?  PAGE  51 . 
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EMC  readying 
mgmt  service 


Is  VoIP  vulnerable? 

Yes,  but  users  say  taking  basic  steps  can  limit  security  snafus. 


■  BY  DENI  CONNOR 

HOPKINTON,  MASS.—  Storage 
powerhouse  EMC  is  expected  to 
branch  out  and  enter  the 
crowded  performance-monitor¬ 
ing  market  this  summer  with  an 
online  service  for  tracking  the 
health  of  critical  network  assets. 

EMCLink.net  is  a  Web-based  ser¬ 
vice  designed  to  monitor  and 


identify  capacity,  performance 
and  availability  problems  for 
everything  from  applications  to 
databases,  operating  systems  and 
storage. The  service  initially  will 
support  SAP  R/3, Oracle, Windows 
NT/2000,  Exchange  and  SQL 
Server  environments,  and  eventu¬ 
ally  will  support  Unix. 

While  generally  approving  of 
See  EMC,  page  84 


■  EMC  lays  out  its  case  for  software:  Company  focuses  on  adding 
advanced  features  to  its  storage  management  package.  Page  22. 

■  More  EMC  coverage  online:  www.nwfusion.com,  DocFinder:  9950 


HP  set  to  expand 
its  OpenView  line 

■  BY  DENISE  DUBIE 

SEATTLE  —  Hewlett-Packard  this  week  will  roll  out  a  slew  of  new  and 
enhanced  OpenView  products  that  promise  to  help  users  more  effec¬ 
tively  manage  applications  and  speed  network  problem  resolution. 

The  offerings,  which  range  from  an  application  management  tool 
called  HP  OpenView  Transaction  Analyzer  to  a  Smart  Plug-ln  to  man¬ 
age  WebMethods  application  integration  environments, are  part  of  HP’s 
commitment  to  bolster  the  company’s  service-level  management  tools. 
Upgraded  versions  of  the  company’s  Network  Node  Manager,  Version 

See  Hewlett-Packard,  page  84 


■  BY  PHIL  HOCHMUTH 

As  companies  increasingly  re¬ 
place  aging  PBXs  with  IP  teleph¬ 
ony  equipment,  they  are  un¬ 
covering  a  host  of  security  issues 
that  might  not  have  applied  to 
old-world  phone  technology 

While  businesses  need  to  con¬ 
sider  issues  such  as  voice-over-iP 
packet  prioritization,  voice  qual¬ 
ity  and  call  features  when  plan¬ 
ning  a  move  to  IP  telephony  basic 
security  of  the  IP  PBX  and  phones 
should  not  be  overlooked.  This  is 
especially  true  because  much  of 
the  VoIP  gear  on  the  market  is 
based  on  commodity  operating 
systems  and  commonly  hacked 
software,  experts  and  VoIP  veter¬ 
ans  say 

Just  ask  Carnival  Cruises.  The 
company  found  out  the  hard  way 


Voicing  concerns 


of  network 
executives  said 
security  concerns 
were  a  drawback 
to  implementing  IP 
telephony. 


SOURCE;  NETWORK  WORLD  S00  SURVEY 


that  managing  an  IP  telephony 
system  is  different  from  running 
phone  systems  based  on  tradi¬ 
tional  TDM  technology 
“Our  [Cisco]  CallManager  got 
hit  by  the  Nimda  virus  last  yeaU 
says  Tom  McCormick,  senior  tech¬ 
nical  analyst  with  the  Miami 


cruise  line.  “It  was  a  demo  box 
and  it  wasn’t  patched  to  protect 
against  the  latest  viruses.” 

McCormick  says  the  Cisco  IP 
PBX,  which  runs  on  a  purpose- 
built  Intel-  and  Windows-based 
server,  was  being  used  only  by 
the  IT  department  for  evaluation, 
so  the  company’s  business  was 
not  affected  by  the  crash.  But  the 
incident  was  an  eye-opener. The 
system,  which  is  in  the  compa¬ 
ny’s  live  network  now,  has  since 
been  patched,  and  is  monitored 
and  maintained  regularly  for 
security  fixes. 

For  the  most  part,  IP  PBXs  from 
vendors  such  as  3Com,  Cisco, 
Avaya,  Nortel,  Alcatel  and  others 
are  servers  at  the  core.  The  boxes 
run  call-control  software  on  top 
of  standard  operating  systems 
See  Vulnerable,  page  86 


Network-based  intrusion-detection  systems 


IDS  wares  yield  false 
alarms  that  hide 
real  attacks 


First-ever  “in  the  wild”  evaluation  of  IDS  tools  showed  that 
all  eight  products  tested  generated  a  plethora  of  false¬ 
positive  reports,  which  made  pinpointing  real  network 
attacks  very  difficult.  Page  57. 


Our  charts  show  product  uptime  over  the  monthlong  test  and 
track  how  well  each  pinpointed  major  attacks.  Page  60. 


IDS  glossary  defines  product-specific  terminology.  Page  62. 


Follow  our  IDS  deployment  tips  to  reduce  the  number  of  false-positive 
reports.  Page  62. 


•This  level  of  availability  is  dependent  on  many  factors  outside  of  the  operating  system,  including  other  hardware  and  software  technologies,  mission-critical  operational  processes,  and  professional  services.  T  Source:  Transaction  Processing  Performance  Council.  May  2002.  ©  2002  Microsoft  Corporation. 
All  ngnts  reserved.  Microsoft.  Active  Directory.  BizTalk,  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Get  your  infrastructure  ready  for  anything.  You’ve  got  relentless  hackers,  massive  usage  spikes, 
24/7/365  demands,  big  CEO  requests,  etc.,  etc.,  etc.  What  is  going  on  here?  This,  of  course,  is  today’s  unpredictable  business 

environment.  In  this  environment,  where _ can  happen  at  any  moment,  you  need  to  keep  your  infrastructure  prepared 

for  anything  and  everything.  And  that  is  exactly  what  the  Microsoft®  platform  is  designed  to  help  you  do.  Here’s  how: 


Security 


Manageability 


The  Microsoft  platform  helps  provide 
the  secure  infrastructure  that  enables 
confident  computing  in  a  dynamic 
Internet-enabled  environment. 


The  Microsoft  platform  allows  you  to 
build  and  maintain  a  technology 
infrastructure  that  is  reliable,  cost- 
effective,  and  easily  modified  to  meet 
changing  business  needs. 

Microsoft  Systems  Management  Server 
2.0  provides  comprehensive  hardware  and 
software  inventory,  enterprise  software 
distribution,  remote  control,  and  software 
metering  for  Microsoft  WindowsR-based 
desktops  and  servers.  Microsoft  Active 
Directory  service  and  Group  Policy 
features  in  the  Windows  2000  Server 
family  simplify  management  of  users  and 
devices.  Microsoft  Operations  Manager 
2000  provides  enterprise-class  event 
and  performance  management.  And 
Microsoft  Application  Center  2000  makes 
the  management  of  Web  server  farms  as 
simple  as  managing  a  single  server. 


The  Microsoft  platform  enables  high 
levels  of  security  through  built-in  encryption, 
authentication,  and  access  control  that 
can  be  centrally  managed  and  integrated. 
In  addition,  it  helps  protect  sensitive 
data  and  applications  by  securing  your 
network  perimeter  against  attacks  and 
unauthorized  use. 


Interoperability 


Reliability 


Scalability 


The  standards-based  technologies 
in  the  Microsoft  platform  work  with 
your  existing  infrastructure,  support 
future  technology  investments, 
and  leverage  your  investment  in  the 
skill  sets  of  your  current  staff. 

The  Microsoft  platform  can  enable 
communication  with  other  operating 
systems,  including  UNIX-,  NetWare-,  and 
IBM-based  systems,  using  common 
protocols.  It  can  also  access  file  shares 
and  printers  on  other  platforms,  integrate 
new  applications  with  existing  data 
sources,  and  reduce  the  burden  of 
administering  multiple  systems.  And  XML- 
enabled  Microsoft  BizTalk*  Server  2002 
even  allows  you  to  orchestrate  business 
processes  and  applications  across 
organizational  boundaries. 


I 


With  the  right  investments  in  people, 
processes,  and  the  technology  of  the 
Microsoft  platform,  you  can  achieve 
the  highest  levels  of  reliability  you 
need  to  run  your  business. 

The  Windows  2000  Server  family 
delivers  up  to  4-node  clustering  and  32-node 
load  balancing  to  support  mission-critical 
applications  and  solutions.  Features 
like  these,  along  with  established  best 
practices  and  support  from  Microsoft’s 
industry  partners  (including  fault-tolerant 
systems  vendors),  allow  customers  to 
build  solutions  that  provide  up  to  99.999% 
service  availability* 


The  Microsoft  platform  scales  to  handle 
your  most  demanding  workloads. 

The  Microsoft  platform  gives  you  the 
choice  of  thinking  bigger,  smaller,  up,  or 
out,  with  the  lowest  price-to-performance 
ratio  of  any  competitive  platform.1  You 
can  deploy  Microsoft  SQL  Server”''  2000 
on  Windows  2000  Datacenter  Server 
for  heavy-duty  ERP  and  transaction 
processing,  and  scale  up  to  support 
terabytes  of  data  and  millions  of 
transactions.  Or  scale  out  with  Application 
Center  2000  by  adding  clusters  of 
Windows  2000-based  servers  running 
distributed  applications.  Either  way,  the 
scalability  you  need  is  there. 


For  more  information  on  how  to  prepare  your  infrastructure  for _ , _ , 

and _ ,  visit  microsoft.com/enterprise  Software  for  the  Agile  Business. 


When  nearly  half  of  the  Fortune  1000  count  on  you, 

a  pattern  starts  to  emerge. 


When  leading  businesses  need  a  wireless  partner  to  keep  things  moving,  they  turn  to  us.  That's  why  we've 
emerged  as  the  number  one  wireless  carrier  for  business  data  users.  With  Cingular,  you  get  everything 
from  business  calling  plans  and  corporate  email  to  interactive  messaging  and  CRM  solutions -all  built 
around  your  company's  specific  needs  and  goals.  Maybe  it's  time  you  noticed  the  shape  business  is 
taking  to  express  itself.  To  see  how  we  can  build  a  wireless  solution  around  you,  give  us  a  call  at 
1-866-446-7599  or  visit  us  at  www.cingular/business.com.  Also,  feel  free  to  download  our  "orange" 
paper,  Executive  Guide  to  Enterprise-Wide  Wireless  Data  Strategies,  when  you  visit  our  website. 


X  cingular 

WIRELESS 

What  do  you  have  to  say?" 


Cingular  Wireless.  "What  do  you  have  to  say?"  and  the  graphic  icon  are  Service  Maris  of  Cingular  Wireless  LLC.  ©2002  Cingular  Wireless  LLC.  Fortune  is  registered  trademark  of  Time,  Inc.  Photos  used  with  permission  of  the  NYSE. 


News 

■  11  Nacchio’s  exit  from  Qwest  Communications  opens  door  to  competition. 

■  1 1  XO  Communications  files  for  Chapter  11  bankruptcy  protection. 

■  12  SSL  security  services  on  tap  from  OpenReach,  Aventail. 

■  14  Intel  and  Sun  to  shake  up  server  market. 

■  14  Extreme,  Foundry  take  different  approaches  to  wiring  closets. 

■  16  Jini  developers  tell  Web  services  to  move  over. 

■  16  Systinet  eyes  Web  services'  security,  management  shortcomings. 

■  18  IM  vendors  aim  wares  at  thin  clients,  applications  integration. 

■  18  Secure  Computing  details  firewall  development  plans. 

■  18  Racketeer  adds  deep  reporting  software  to  acceleration  device. 

■  20  IT  vendors  ready  wares  for  retail  crowd. 


Features 

Crying  wolf;  IDS  wares  yield  false 
alarms  that  hide  real  attacks 


Page  57. 

Page  60. 

Page  62. 
Page  62. 


First-ever  "in  the  wild"  evaluation  of  IDS  wares  showed  that  all  eight  products 
tested  generated  a  plethora  of  false-positive  reports,  which 
then  made  pinpointing  real  network  attacks  very  difficult. 

Our  charts  show  product  uptime  over  the  monthlong 
test  and  track  how  well  each  pinpointed  major  attacks. 

Our  IDS  glossary  defines  product-specific  terminology. 

Follow  our  IDS  deployment  tips  to  help  reduce  the 
number  of  false-positive  reports. 


Infrastructure 

■  21  University,  town  team  to 
make  a  net  reality. 

■  21  IBM  demonstrates  wireless 
network  monitor. 

■  22  EMC  lays  out  its  case  for 
software. 

■  24  Kevin  Tolly:  Wireless 
LAN  hype  is  out  of  control? 


NetWorker 

■  27  The  secret  to  five-star 
service. 

■  30  Toni  Kistner:  Wireless 
LAN  shakeup  shows  promise. 

Enterprise 

Applications 

■  33  IBM’s  Informix  buy  paying  off. 

■  33  WiredRed  audits  corporate 
instant-messaging  traffic. 

■  34  Cisco  brings  wireless  LAN 
gear  into  its  management  fold. 

■  34  Corechange  beefs  up  collab¬ 
oration  tools. 

■  36  Forgent  creates  video  man¬ 
agement  pack. 

■  36  Scott  Bradner:  Fighting 
terrorism  with  obscurity? 

Service  Providers 

■  39  Special  Focus:  High 
speed  wireless  data  access:  What's 
it  worth  to  you? 

■  39  Cable  &  Wireless  shopping 
voice,  ATM,  frame  customers  to 
other  providers. 


■  40  Lisa  Pierce:  Five  pitfalls 
buyers  should  avoid  when  picking  a 
telecom  supplier. 

The  Edge 

■  43  Switch  vendors  say  RFPs 
light  on  MPLS. 

■  44  Starent  Networks  caters  to 
wireless  providers. 

Technology  Update 

■  51 10  Gigabit  to  push  Ethernet 
beyond  the  LAN. 

■  51  Steve  Blass:  Ask  Dr. 

Internet. 

■  52  Mark  Gibbs:  Down 
under  syslog. 

■  52  Keith  Shaw:  Kyocera 
adds  color  to  its  smartphone. 

Opinions 

■  54  Editorial:  The  sun  sets 
on  the  telecom  cowboys. 

■  55  Chuck  Yoke:  The  mas¬ 
ter  builders  of  IT. 

■  55  Daniel  Briere  and 
Russ  McGuire:  Video  killed  the 
telephone  stars? 

■  88  Backspin:  Gambling  with 
our  rights. 

■  88  'Net  Buzz:  What  else 
shouldn't  we  believe  about  eBay? 


Tester’s  Choice:  David  Newman  takes  on  the  "time-to-market1'  phenomenon.  Page  66. 
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Interactive 

Buyer's  Guide:  Wireless  LANs 

There  are  many  options  when  it  comes  to  wireless  LAN  gear.  We  try  to 
make  it  easier  by  offering  a  downloadable  Excel  spreadsheet  that  com¬ 
pares  the  wares  of  more  than  130  vendors. 

DocFinder:  9938 

More  with  less 

Learn  how  to  get  the  most  out  of  your  equipment,  staff,  contracts,  bud¬ 
gets  and  more. 

DocFinder:  9939 

Net  execs  share  their  wisdom 

Wonder  how  your  peers  handle  massive  infrastructure  upgrades,  new 
technology  rollouts,  security  and  more?  Check  out  our  series  of  net 
executive  interviews  entitled,  “Your  Take:  Net  executives  share  their  wis¬ 
dom."  See  how  IT  execs  handle  the  problems  you  face  every  day. 

DocFinder:  9940 

Seminars  and  Events 

VoIP  training  comes  to  you! 

Looking  for  a  cost-effective  way  to  train  your  team?  Trying  to  widen 
your  department's  skill  set  on  a  shrinking  budget?  With  equipment 
provided  by  Avaya,  NetSmart's  voice  over  IP  on-site  training  is  the 
perfect  way  to  educate  your  staff  without  leaving  the  office. 

DocFinder:  9945 


Columnists 

Compendium 

The  war  between  ISPs  and  wireless  hackers 
Fusion  Executive  Editor  Adam  Gaffin  offers  a  report  on  the 
increasing  friction  between  ISPs  and  people  who  like  setting 
up  wireless  access  points  that  let  anybody  nearby  tap  into 
their  'Net  connection. 

DocFinder:  9941 

Help  Desk 

Internet  service  for  less  than  an  arm  and  a  leg 
Columnist  Ron  Nutter  helps  a  reader  who  needs  less  than  a 
T-1,  and  cable  and  DSL  aren’t  options. 

DocFinder:  9942 

Home  Base 

Getting  to  know  you 

Columnist  Jeff  Zbar  shows  how  videoconferencing  and  instant 
messaging  keep  a  remote  executive  connected  with  his  team. 

DocFinder:  9943 

View  from  The  Edge 

Tenor,  Gotham  'rightsize' 

The  Edge  Managing  Editor  Jim  Duffy  examines  the  moves  as 
the  companies  try  to  adjust  to  the  dismal  market. 

DocFinder:  9944 


Management 

Strategies 

■  67  Juggling  resources:  IT 
executives  let  business  considera¬ 
tions  drive  decisions  for  managing 
short-term  needs  and  long-term 
strategy. 
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What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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As  the  twisted  tale  turns 

■  The  in-again,out-again  saga  of  Java  support  in  Microsoft  Windows  took  two  twists 
last  week  when  Microsoft  said  it  would  make  a  Java  Virtual  Machine  part  of  the 
default  installation  of  Windows  XP  in  an  attempt  to  settle  a  legal  dispute  with  Sun. 
JVM  had  been  offered  as  a  separate  download.  JVM  will  be  added  through  Service 
Pack  1  for  XP  due  later  this  summer.  But  Microsoft  also  said  it  will  yank  JVM  in  2004. 
Under  the  settlement  with  Sun,  Microsoft  won’t  be  able  to  change  the  JVM  code.  A 
Microsoft  spokesman  said  that  limitation  would  eventually  create  a  security  risk  for 


Hit  Good  BadTheUgly 


The  stall  guy.  William  McNee,  managing  partner  at 
consulting  firm  Saugatuck  Technology,  speaking  to  CIOs  on 
the  joys  of  delaying  technology  upgrades:  "It's  great  to 
be  in  stall  mode  so  long  as  your  competitors  are  also  in 
stall  mode." 

Nimda  surprise.  Microsoft  has  acknowledged 
that  it  inadvertently  shipped  copies  of  its  Visual  Studio  .Net 
development  tool  containing  the  Nimda  virus  to  South  Korea. 
Microsoft,  which  says  no  infections  have  resulted  from  the 
CDs,  blames  the  oversight  on  a  company  that  Microsoft 
contracts  with  to  translate  its  applications  and  help  files  into 
Korean. 

What  would  aliens  think?  Noted  telecom 
analyst  Scott  Cleland,  CEO  of  Precursor  Group,  says 
of  the  Bells  getting  into  long-distance:  "The  Bell  entry 
process  right  now  is  nanoregulation  —  overdone  by 
any  measure  —  100,000  page  applications.  As  a 
nation,  we  regulate  Bell  entry  more  rigorously  than 
we  regulate  toxic  or  radioactive  waste.  If  aliens  landed 
on  Earth  and  looked  at  our  regulations  as  a  relative 
sign  of  what  we  humans  fear,  they  could  get  the  impression 
that  Bell  entry  would  rank  as  one  of  the  greatest  threats 
to  the  planet  Earth.”  > 


CHRISTOPH  HITZ 


Intel  passes  on  Web  hosting 
services 

■  After  jumping  into  the  Web  hosting  mar¬ 
ket  at  its  height,  Intel  last  week  unceremo¬ 
niously  bowed  out.  Intel  Online  Services 
launched  with  two  data  centers  in  1999, 
and  in  April  of  the  following  year  Intel 
announced  it  would  invest  $1  billion  in 
the  business,  mainly  to  build  and  equip 
data  centers.  It  planned  to  have  12  data 
centers  up  by  the  end  of  2000,  but  ended 
that  year  with  eight  and  shelved  plans  for 
the  rest. 

Intel  claims  it  will  use  these  data  centers 
for  its  internal  IT  operations  and  will  retain 
most  of  the  IOS  employees.  As  for  IOS  cus¬ 
tomers,  Intel  will  continue  to  service  them 
during  the  next  12  months  while  it  helps 
them  transition  to  other  hosting  situations. 

Analysts  note  that  while  IOS  didn’t  have 
the  presence  of  competitors  such  as  Exo¬ 
dus  Communications,  which  had  44  data 
centers  at  its  peak,  it  was  consistently  winning  new  business.  Intel 
wouldn’t  discuss  hosting  revenue  or  customer  numbers,  but  Tier  1 
Research  estimates  IOS  ended  2001  with  $41  million  in  hosting  rev¬ 
enue  and  predicted  that  revenue  would  nearly  double  to  $80  mil¬ 
lion  thisyear.“We  were  successful  in  attracting  customers, but  if  you 
look  at  the  overall  market  trends  and  financial  projections  for 
growth  and  profitability,  they  didn’t  meet  our  requirements,”  says 
Christine  Chartier,  an  Intel  spokeswoman.  Separately,  Loudcloud 
announced  it  was  selling  its  managed  services  business  to  Elec¬ 
tronic  Data  Systems  (see  www.nwfusion.com,  DocFinder:  9949). 

COMPENDIUM 

Those  darn  foreign  domains 

We  won  t  comment  on  how  PWC  Consulting  is  changing  its  name  to  Monday  (because 
it's  just  too  easy).  So  we  ll  just  point  out  that  when  it  launched  introducingmonday. 
com  to.  well,  introduce  itself,  somebody  across  the  pond  quickly  registered  introduc- 
ingmonday.co.uk  to  mock  it  Go  there  with  your  sound  turned  on. 

You  'll  get  plenty  of  stuff  you  have  to  see  every  day,  even  Monday, 
in  Compendium,  www.nwfusion.com,  DocFinder:  9948. 


Windows  users.  Microsoft’s  JVM  is  based  on  Version  1.1.4  of  Java.  Sun  wants 
Microsoft  to  ship  a  JVM  based  on  the  current  version,  1.4. The  company  criticized 
Microsoft  for  not  using  an  updated  JVM  and  making  the  announcement  a  day 
before  closing  arguments  in  its  antitrust  remedy  hearing. 

Gut  to  the  bone 

■  Peregrine  System,  which  in  April  was  named  the  fastest  growing  Network  World 
200  company  for  2001 ,  last  week  said  it  would  slash  its  workforce  by  almost  half.The 
San  Diego  company  will  reduce  its  2,900-person  staff  to  1,500,  which  will  lead  the 
company  to  consolidate  offices  across  North  America  and  possibly  elsewhere. The 
news  comes  on  the  heels  of  news  that  the  company  is  under  investigation  by  the 
U.S.  Securities  and  Exchange  Commission  for  discrepancies  in  the  reporting  of 
about  $100  million  in  revenue  over  the  past  two  years. 

Take  some  time  off 

■  Hewlett-Packard  is  furloughing  for  three  weeks  most  of  its  North  American  out¬ 
side  contractors  that  provide  IT  support,  a  move  the  company  estimates  will  save 
$15  million  to  $20  million.  About  4,000  contractors  from  a  number  of  firms  will  be 
affected  by  the  work  stoppage,  scheduled  for  June  24  through  July  12.  Those  con¬ 
tractors  handle  aspects  of  HP’s  Web  site  and  other  IT  infrastructure  tasks. 
A  small  number  of  essential  contractors  will  continue  working  during  the  furlough. 
HP  is  in  the  process  of  reevaluating  its  contracts  and  canceling  those  it  no  longer 
needs.The  move  comes  as  HP  focuses  on  cost  reduction  following  its  acquisition  of 
Compaq.  HP  CEO  Carly  Fiorina  has  pledged  that  HP  and  Compaq  will  cut  their  com¬ 
bined  operating  costs  by  $2.5  billion  by  October  2003,  the  end  of  HP’s  2003 
fiscal  year. 
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Under  the  umbrella  of  IBM  (©server  xSeries1, M  meteorological  supersite  weather.com  is  enjoying 
meteoric  success.  Thanks  in  part  to  the  installation  of  IBM  (Intel®  processor-based)  servers  running 
Linux®  Select  xSeries  models  feature  the  Intel  Xeon™  processor  to  give  you  superior  performance 
and  cost-effectiveness.  For  a  guide  on  how  our  self-managing  features  can  benefit  your  business, 
visit  ibm.com/eserver/weather  ©I***  is  M 

All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  things,  on  individual 
customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux  is  a  registered 
trademark  of  Linus  Torvalds.  Intel,  the  Intel  Inside  logo,  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may 
be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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With  Avaya,  you’re  already  this  close  to  IP  Telephony. 


In  fact,  you  can  use  what’s  in  your  own  network.  Now  Avaya,  the  leader  in  voice  solutions, 
has  extended  IP  Telephony  to  an  open  architecture.  So  our  feature-rich  MultiVantagem 
Software  can  work  with  your  existing  investment,  allowing  you  to  have  Enterprise  Class  IP 
Solutions  anywhere  in  your  network.  That  means  you  get  gentle  migration  and  flexible 
deployment  from  the  core  to  the  edge,  or  the  other  way  around.  Learn  how  a  network 
assessment  can  help  you  discover  how  close  you  are  to  IP  Telephony.  Visit  avaya.com/yes 
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News 


6/24/02 


NetworkWorld 


Qwest  CEO  moves  force  change 

But  carrier  won’t  necessarily  be  sold  in  wake  of  Nacchio’s  departure,  observers  say. 


Rise  and  fall 


Joseph  Nacchio  helped  transform  Qwest  into  a  top  carrier, 
but  the  ousted  CEO  was  unable  to  keep  the  company  from 


unraveling  in  recent  months. 

January  March 

Nacchio  is  FCC  approves  Qwest's  $50 
hired  away  billion  acquisition  of  US 
from  AT &T  West.  Qwest's  stock  hits 
as  president  its  all-time  high  of  $64.50. 
and  CEO. 


June 

December  Files  for  lon9- 

Carrier  reveals  d|StanceaPP‘ 
roval  in  five  of 

its  local  states. 
Nacchio  is 


it  will  cut  7,000 
positions  by 
June  2002. 


forced  to  resign. 
Richard 
Notebaert 
appointed  CEO. 

— »  I 
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1 2000 
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June  - 

Merges  with 
long-distance 
provider  LCI. 


April  — 

Nacchio  is 
appointed 
chairman. 


January  - 

Launches 
an  OC-192 
national 
backbone. 


J 


April - 

SEC  starts  formal  invest¬ 
igation  into  the  carrier's 
accounting  practices. 


■  BY  MICHAEL  MARTIN 

DENVER  —  While  it  was 
Qwest  CEO  Joseph  Nac- 
chio’s  aggressive,  acquisitive 
style  that  helped  turn  the 
once  obscure  fiber-optic 
wholesaler  into  one  of  the 
world’s  largest  carriers,  ob¬ 
servers  say  his  ouster  last 
week  should  pave  the  way 
for  new  management  to 
make  overdue  changes  at 
the  financially  struggling 
company 

The  former  AT&T  execu¬ 
tive,  who  at  times  seemed 
hellbent  on  bringing  down 
his  former  employer  with  a 
plan  to  offer  local  and  long¬ 
distance  services  world¬ 
wide,  was  replaced  by  Ric¬ 
hard  Notebaert,  who  previ¬ 
ously  led  Ameritech  and  most  recently 
served  asTellabs’  chief  executive. 

“The  speculation  is  that  Notebaert  might 
focus  the  company  more  on  local  ser¬ 
vices,”  says  Dean  Gekas,a  principal  with  in¬ 
vestment  firm  State  Street  Corp.'That  could 
put  the  long-distance  business  in  play’ 

If  the  more  even-tempered  Notebaert  — 
who  oversaw  Ameritech’s  sale  to  fellow 
Bell  company  SBC  Communications  —  de¬ 
cides  to  concentrate  on  the  local  business, 
the  long-distance  business  could  be  sold 
or  scaled  down,  Gekas  says. 

Qwest’s  local  service  revenue,  courtesy 
of  the  company’s  $50  billion  acquisition 


■  BY  MICHAEL  MARTIN 

While  XO  Communications  last  week 
finally  made  its  long  rumored  Chapter  1 1 
bankruptcy  protection  filing,  industry  wat¬ 
chers  warn  customers  not  to  count  the 
competitive  carrier  out  just  yet. 

Michael  Lauricella,  an  analyst  with  The 
Yankee  Group,  says  XO  has  had  success  in 
selling  its  tiered  bundles  of  voice  and  data 
services  to  small  and  midsize  businesses. 
But  the  carrier  just  hasn’t  been  able  to  gen¬ 
erate  enough  revenue  to  offset  the  heavy 
investment  it  made  to  build  a  national 
backbone  and  metropolitan-area  networks 
in  major  U.S.  markets. 

Revenue  has  been  on  the  rise,  with  this 
year’s  first-quarter  revenue  of  $333  million 
topping  last  year’s  first-quarter  revenue  by 
20%.  And  while  the  company  continues  to 
bleed  red  ink,  the  bleeding  has  slowed.  XO 
lost  $12  million  in  the  first  quarter,  three 
times  less  than  it  lost  in  the  fourth  quarter 
and  far  less  than  the  $77  million  it  lost  in 
last  year’s  first  quarter. 


of  US  West  two  years  ago,  dwarfs  the  com¬ 
pany’s  long-distance  service  revenue.  In 
the  first  quarter,  local  service  revenue  was 
$3.5  billion  vs.  long-distance  revenue  of 
$900  million. 

Qwest’s  financial  woes  stem  from  prob¬ 
lems  similar  to  those  faced  by  other  carriers 
during  the  telecom  industry  meltdown  — 
overspending  on  capacity  and  nose-diving 
prices.  Qwest  spent  billions  of  dollars  on  a 
global  fiber-optic  network  that  is  not  close 
to  being  fully  utilized.  And  the  traffic  the 
network  does  carry  is  generating  far  less 
revenue  than  the  carrier  expected.  A  study 
by  telecom  research  firm  TeleGeography 


XO  is  seeking  to  use  the  Chapter  11 
process  to  restructure  and  emerge  as  es¬ 
sentially  the  same  company  minus  approx¬ 
imately  $5.1  billion  in  debt. 

The  company  submitted  two  alternative 
restructuring  plans  in  its  Chapter  1 1  filing. 

The  first  plan  would  see  investment  firm 
Forstmann  Little  and  telecom  firm  Tele- 
fonos  de  Mexico  invest  $800  million  in  XO 
in  return  for  each  getting  a  39%  stake  in  the 
provider.  Bondholders  would  get  $200 
million. 

But  this  restructuring  might  not  be 
approved  because  Forstmann  Little  and 
Telmex  are  balking  at  some  conditions  of 
the  agreement. 

If  the  deal  falls  through,  XO  will  look  to 
convert  $1  billion  in  loans  into  common 
equity  and  $500  million  in  secured  debt  to 
keep  the  company  going. 

While  Chapter  1 1  has  essentially  signaled 
the  end  for  some  carriers,  such  as  DSL 
provider  NorthPoint  Communications,  oth¬ 
ers,  such  as  Covad  Communications,  have 
re-emerged.  ■ 


shows  that  OC-3  wholesale 
lease  pricing  on  most  ma¬ 
jor  U.S.  routes  declined  by 
around  70%  in  each  of  the 
past  two  years. 

It’s  too  early  to  say 
whether  Qwest  will  end 
up  in  play,  says  Lisa 
Pierce,  an  analyst  with 
Giga  Information  Group 
and  a  Network  World  co¬ 
lumnist.  But  from  Note- 
baert’s  early  comments,  it 
appears  the  provider  will 
try  to  focus  on  specific 
market  segments. 

“They’re  not  going  to  try 
to  be  all  things  to  all  peo¬ 
ple  anymore,”  Pierce  says. 

In  region,  Pierce  says 
Qwest  might  see  an  op¬ 
portunity  to  sell  voice  and 
data  packages  to  small 
and  midsize  businesses. 

For  larger  businesses,  Qwest  will  likely 
concentrate  on  its  largest  markets  and  fol¬ 
low  one  of  Nacchio’s  previously  an¬ 
nounced  strategies  of  selling  less-profitable 
rural  assets,  Pierce  says. 

Brian  Lane,  assistant  vice  president  of 
technology  for  the  American  Health  As¬ 
sociation’s  (AHA)  Financial  Solutions  sub¬ 
sidiary  says  that  while  he  credits  Nacchio 
for  building  up  Qwest  in  the  first  place, 
Notebaert’s  hiring  is  a  good  move  as  Qwest 
plots  its  next  move. 

Qwest  is  the  AHAs  preferred  data  pro¬ 
vider  for  its  nearly  5,000  hospitals,  health¬ 
care  systems  and  care  providers.  Qwest 
and  other  partners  also  manage  a  health¬ 
care  portal  for  the  AHA. 

Lane  says  he  isn’t  too  concerned  with 
Qwest’s  debt  load, noting  it’s  comparable  to 
those  of  other  carriers. 

“Plus  they’re  a  [regional  Bell  operating 
company]  ,”  he  says.  “They’re  there  for  the 
long  term." 

Nacchio’s  departure  was  a  surprise  to  no 
one.  The  provider  was  burdened  by  more 
than  $26  billion  in  debt,  had  logged  eight 
consecutive  losing  quarters,  and  its  bonds 
had  recently  been  downgraded  to  junk  sta¬ 
tus.  With  Qwest’s  stock  languishing  in  the  $4 
range  after  peaking  at  $64.50  a  little  more 
than  two  years  ago,  shareholders  were 
vocal  in  calling  for  Nacchio’s  head,  much 
as  WorldCom  shareholders  were  earlier 
this  year  before  that  carrier’s  similarly  brash 
CEO  Bernie  Ebbers  was  deposed  in  April. 

To  top  it  all  off,  Qwest,  like  WorldCom,  is 
under  investigation  by  the  Securities  and 
Exchange  Commission.  Qwest  is  being  in¬ 
vestigated  for  possibly  recording  band¬ 
width  swaps  with  other  carriers  to  artifi¬ 
cially  inflate  its  earnings  numbers. 

Although  a  sale  isn’t  necessarily  in 
Qwest’s  future,  Gekas  notes  that  it  would 
be  easier  to  sell  Qwest  with  Notebaert  at 
the  helm  than  with  Nacchio.  ■ 


X0  files  for  Chapter  1 1 


IP  Telephony. 
Where  to  start? 

With  Avaya  Enterprise  Class 
IP  Solutions  (EC  LI  PS) 
featuring  MultiVantage 
Software,  start  anywhere 
in  your  network. 


S8700  Media  Server 


At  the  core. 

•  Delivers  up  to  99.999% 
reliability 

•  Scalable  from  20  to 
1  million  users 


G700  Media  Gateway 


At  the  edge. 

•  Survivable  remote  location 

•  Standards-based  distributed 
architecture 

•  Cost-effective  option 


From  IP  Phones  to  Pocket  PCs 


With  a  specific  workgroup. 

•  First  to  seamlessly  extend 
applications  to  cellular 

•  Takes  applications  to  remote 
and  mobile  workers  for 
greater  productivity 


Learn  how  a  network  assessment  can 
help  you  discover  how  close  you  are 
to  IP  Telephony.  Visit  avaya.com/yes 
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New,  revised  remote  access  services  exploit  SSL 


m  BY  TIM  GREENE 

With  a  nod  toward  customers’  growing 
desire  for  a  fast,  secure  way  to  link  remote 


users  and  business  partners,  OpenReach 
and  Aventail  are  each  rolling  out  new  ser¬ 
vices  that  use  Secure  Sockets  Layer. 
OpenReach  says  customer  requests 


prompted  it  to  develop  its  new  OpenReach 
Anywhere  SSL  remote  access  service,  and 
Aventail  says  customer  desire  for  simpler 
management  and  better  security  were  the 


impetus  behind  upgrades  to  its  Aventail 
.Net  SSL  service.  Both  providers  offer  re¬ 
mote  access  SSL  services  via  gear  located 
at  customer  and  carrier  sites. 

The  attraction  of  browser-based  SSL  ser¬ 
vices  is  that  the  remote  machines  typically 
already  support  SSL  via  their  Web  browsers 
and  the  services  require  no  modifications 
to  corporate  firewalls.  And  SSL  firewall 
ports  that  the  traffic  uses  are  generally  left 
open,  so  firewall  reconfiguring  is  usually 
unnecessary  IP  Security  (IPSec)  VPNs,  con¬ 
versely,  require  separate  client  software  on 
remote  machines  and  must  be  configured 
along  with  the  firewall. 

The  new  OpenReach  Anywhere  service 
adds  SSL  support  to  the  vendor’s  existing 
IPSec  VPN  gateways  so  businesses  can 
grant  SSL  access, VPN  access  or  both.  Users 
with  access  to  both  require  one  username 
and  password. The  service  supports  access 
to  only  Web-enabled  applications  such  as 
Microsoft’s  Outlook  email,  along  with  file 
sharing. 

IPSec  VPNs  support  access  to  more  appli¬ 
cations  than  do  products  of  SSL  competi¬ 
tors  such  as  Neoteris  and  Aventail,  even 
though  both  have  already  added  access  to 
client/server  and  terminal  applications, 
says  Dave  Kosiur,  a  Burton  Group  analyst. 

OpenReach,  as  a  late  entrant  into  the  SSL 
market,  offers  more  limited  options.  “We’re 
not  going  to  do  everything  [our  SSL  com¬ 
petitors]  do  right  out  of  the  chute, “says  Mark 
Tuomenoska, OpenReach  CEO. OpenReach 
plans  client/server  support  by  year-end. 

OpenReach  Anywhere  costs  $10  per  user 
per  month,  and  will  be  available  next 
month. 

Aventail,  on  the  other  hand,  has  focused 
on  SSL  remote  access  for  six  years  and  is 
adding  new  security  capabilities  to  its 
Aventail. Net  service.  These  include  the 
power  to  lock  out  remote  users  if  their 
machines  aren’t  running  adequate  security 
applications. 

An  Aventail  software  agent  on  the  remote 
machine  tells  the  Aventail  SSL  server 
whether  the  remote  device  has,  say,  a  fire¬ 
wall  and  antivirus  software  running.  Access 
policies  can  be  set  to  deny  access  if  these 
applications  are  turned  off. 

Users  can  now  centrally  set  policies  that 
shut  down  any  other  links  when  they  have 
an  SSL  remote-access  session  running.'This 
makes  sure  broadband  Internet  users  don’t 
cause  security  breaches,”  says  Wolfgang 
Gebhardt,  manager  of  small  site  infrastruc¬ 
ture  at  Analog  Devices,  which  makes 
processors  and  is  based  in  Norwood, 
Mass.The  company  uses  Aventail. Net  to 
support  business  partner  access  to  Analog 
Devices  resources. 

Gebhardt  also  is  looking  forward  to  using 
a  feature  that  allows  authenticating  users  to 
multiple  directories. This  will  eliminate  the 
need  to  establish  new  directory  entries  for 
users  to  whom  he  wants  to  grant  SSL 
access,  he  says. 

These  features  are  available  now  as  part 
of  standard  Aventail  software  upgrades  * 


Radware:  Intelligent  Application  Switching,  Certainty  Across  your  Network 


CertainT  100 
SSt  Accelerators 


End  Cache 

Users  Server 

Director 


11  Web  Server  Director  Pro+ 


FireProof  Firewalls  UnkProof 


Our  Intelligent  Application  Switching  solutions 
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Secure  communication  over 
Internet  and  IP  networks 


Standards-based  VPN  gateways 
include  integrated  firewall 


Stateful  inspection  firewall 
protects  against  cyber  attacks 


Internal  router  supports 
multiple  users 


Network  Address  Translation  (NAT) 
conceals  private  IP  addresses 


Data  Encryption  Standard  (DES) 
or3DES  secures  data 


Internet  Key  Exchange  (IKE) 
authenticates  users 


Web-based  configuration 
and  management 
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support 


Reassuring  five-year  warranty 
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In  choosing  your  VPN  access  solution,  consider  the 
NetVanta  2000  series  from  ADTRAN.  You’ll  get  secure, 
low-cost  connectivity  across  the  Internet,  with  the 
protection  of  a  stateful  inspection  firewall  and  the 
convenience  of  an  internal  router.  All  from  the  company 
that  sells  more  enterprise  connectivity  solutions  across 
more  service  technologies  than  any  other  vendor. 

The  NetVanta  2000  series  delivers  the  exact  VPN 
functionality  you  need  to  connect  remote  offices, 
telecommuters,  and  mobile  users  to  corporate  information 
resources,  securely  and  cost-effectively.  Backed  by  a  full 
five-year  warranty  and  unsurpassed  technical 
support  from  the  leader  in  connectivity,  the 
NetVanta  2000  series  is  one  of  the  most  risk-free 
decisions  you  can  make  for  VPN. 
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Intel,  Sun  to  heat  up  server  market 

Intel  to  kickstart  Itanium  2  campaign  with  its  own  servers;  Sun  to  make  Linux  move. 


■  BY  IDG  NEWS  SERVICE 

You  just  never  know  who  might 
come  out  with  an  Intel  server 
these  day's. 

Intel  itself  plans  to  offer  a  four- 
processor  machine  based  on 
Itanium  2,  the  new  version  of  the 
company’s  64-bit  processor  being 


unveiled  July  8.  Meanwhile,  in  a 
departure  from  its  homegrown 
SPARC-based  server  strategy,  Sun 
will  introduce  a  Linux  server 
based  on  two  1 .4-GHz  Pentium  III 
processors  at  the  LinuxWorld 
Conference  &  Expo,  beginning  in 
August, sources  say 
While  making  servers  is  not 


entirely  new  for  Intel,  Gartner 
research  director  Ian  Brown  de¬ 
scribes  the  move  as  an  “unusual 
tactic”  designed  to  boost  enthusi¬ 
asm  for  the  new  processor. 

“Enthusiasm  for  Itanium  2 
comes  from  [Hewlett-Packard], 
which  will  be  moving  to  Itanium 
2  for  its  Unix  servers,”  he  says. 


HP  is  expected  to  announce  2- 
way  and  4-way  Itanium  servers 
called  the  RX2600  and  RX5670. 

Itanium  2  —  previously  known 
by  the  code-name  McKinley  —  is 
seen  as  a  competitor  to  RISC  pro¬ 
cessors,  like  Sun’s  SPARC  proces¬ 
sors.  Industry  watchers  expect 
the  processor  to  be  used  in  mid- 


Wiring  closet  switch  choices  expand 

Extreme  downscales  Layer  3/4  device  ;  Foundry  revs  up  new  Layer  2  boxes. 


■  BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Wiring  closet  switches 
announced  this  week  by  Extreme  Net¬ 
works  and  Foundry  Networks  promise 
more  flexibility  and  lower  prices  for 
deploying  multilayer  switching  to 
desktops. 

Extreme  released  a  small  version  of  its 
flagship  BlackDiamond  core  switch 
aimed  at  putting  the  Layer  3  and  Layer  4 
switching  capabilities  of  the  Black- 
Diamond  line  at  the  LAN  edge. 

Foundry  is  taking  a  different  ap¬ 
proach  to  wiring  closets  with  a  new 
line  of  Layer  2  fixed-configured 
switches  for  wiring  closets,  which  the 
company  says  offers  more  ports  than 
some  chassis  for  less  money 

Extreme’s  BlackDiamond  6804  is  a 
four-slot  chassis  that  uses  the  same 
software  and  components  as  the  larg¬ 
er  6816  and  6808  switches  aimed  at 
the  enterprise  core.  The  company  is 
targeting  the  box  as  a  chassis  for 
wiring  closets,  where  high  availability  of  ports 
and  advanced  bandwidth-management  fea¬ 
tures  are  required  —  for  networks  with  IP 
phones  deployed,  for  example.The  switch  also 
supports  redundant  and  hot-swappable 
power  supplies  and  management  modules  for 
surviving  component  failures  without  inter¬ 
rupting  service. 

The  switch  can  use  all  modules  from  Ex¬ 
treme’s  BlackDiamond  family,  such  as  24-  and 
48-port  10/100M  bit/sec  blades,  16-port  fiber  or 
copper  Gigabit  Ethernet  modules,  and  the 
company’s  single-port  10  Gigabit  Ethernet 
module,  which  will  be  available  this  quarter. 
The  6804  chassis  has  a  backplane  of  64G 
bit/sec,  and  can  support  36  Gigabit  Ethernet 
ports  or  384  10/100  ports  (with  telephone 
company  connection  modules)  or  a  mix  of 
the  two.  The  switch  will  compete  with  prod¬ 
ucts  such  as  Cisco’s  Catalyst  6500  series, 
Foundry’s  Fastlron  11  chassis  and  Hewlett- 
Packard’s  ProCurve  5300XL  switch. 

Foundry  is  positioning  its  Layer  2  Fastlron 
Edge  Switch  (FES)  series  of  fixed-configured 
switches  at  enterprise  wiring  closets  as  well, 
but  the  company  is  taking  a  different  tack 
than  rival  Extreme.  The  stackable  switches 


Apples  and  oranges? 


While  Foundry’s  and  Extreme’s  new  switches  have 
different  form  factors,  both  target  the  same  application: 
large  enterprise  wiring  closets. 


Extreme  BlackDiamond  6804 

•  Up  to  384  10/100  ports  per 
chassis. 

•  Redundant  power  supplies. 

•  11  rack-units  (19  inches)  tall. 


Foundry  Fastlron  Edge 
Switch  9604 

•  96  fixed  10/100  ports  on  the 
device. 

•  Redundant  power  supplies. 

•  2.5  rack-units  (4  inches)  tall 


come  in  standard  24- 
and  48-port  versions,  plus  a  96-port  model, 
which  offers  more  ports  in  a  fixed-configured 
switch  than  similar  products  from  other  ven¬ 
dors,  the  company  says. 

The  FES  2402  and  4802  boxes  each  come 
with  two  copper  and  two  fiber  Gigabit  Ether¬ 
net  ports.  With  what  Foundry  calls  its  Safe-T- 
Link  technology,  two  of  the  ports  can  be 
active  simultaneously  to  provide  redundant 
1G  bit/sec  links  to  a  server  or  a  backbone 
uplink.  The  9604  features  four  copper  and 
four  fiber  gigabit  ports,  of  which  four  can  be 
active  at  once  with  Safe-T-Link.The  FES 
switches  support  Layer  2  switching,  and  can 
be  upgraded  to  full  Layer  3  with  a  software 
module. 

Foundry  touts  its  9604  box  as  a  cost-effective 
alternative  to  a  chassis-based  switch  in  wiring 
closets. 

“Competitive  products  need  to  use  a  chassis- 
based  [switch]  to  get  the  same  port  density” as 
the  FES  9604, says  Marshall  Eisenberg, director 
of  product  marketing  for  Foundry.  With  the 
9604,  he  says,  enterprise  users  also  could  save 
half  the  cost  of  smaller  chassis  switches,  such 
as  Cisco’s  Catalyst  4000  series  switch,  or 
Extreme’s  BlackDiamond  6804  or  Alpine  3804, 


which  range  from  $20,000  to 
$24,000. 

Extreme’s  6804  switch  was 
tested  at  the  Appleton  School 
District  in  Wisconsin,  which 
has  26  schools  and  plans  to 
use  one  of  these  switches  in 
each  school  as  desktop  con¬ 
nectivity  boxes,  says  Brent 
Braun,  network  manager  for 
the  district. 

“I  like  that  the  [6804]  has 
such  a  high  density  of  ports  in 
such  a  small  chassis,”  Braun 
says.  “Because  we’re  a  school 
district,  we  don’t  have 
that  much  extra 
space  around 
our  buildings  to 
set  up  full¬ 
blown  wiring  closets.” 

The  schools,  which  con¬ 
nect  to  a  central  facility  via 
single-mode  fiber-optic  cable 
—  provided  by  the  local  cable  TV  company. 
Cisco  Fast  Ethernet  switches  are  currently 
deployed  in  the  schools  and  link  to  an 
Extreme  BlackDiamond  6816  in  the  network 
core,  where  the  schools’  e-mail,  Web  and 
other  servers  are  located.  Braun  plans  to 
replace  the  Cisco  boxes  with  the  6804  chas¬ 
sis  to  utilize  Gigabit  Ethernet  as  an  uplink 
connection  back  to  the  6816  switch. 

Braun  also  chose  the  new  chassis  for  his 
wiring  closets  so  he  could  better  control 
bandwidth  at  the  desktop-connection  level 
with  Layer  3  switching. With  the  ExtremeWare 
software  on  the  6804,  Braun  says  he  will  allo¬ 
cate  set  amounts  of  bandwidth  to  certain 
applications,  which  will  be  identified  by  the 
switch  from  Layer  3  and  Layer  4  packet 
inspection  —  something  that  was  not  possi¬ 
ble  with  his  current  Layer  2  gear.  The  first 
application  he  will  use  this  on  is  IP  tele 
phony,  he  says. 

The  Extreme  BlackDiamond  6804  chassis 
is  available  for  $22,000.  Foundry’s  FES  2402, 
4802  and  9604  are  available  now,  and  cost 
$3,000,  $5,000  and  $12,000,  respectively.  Layer 
3  upgrades  for  each  switch  are  available  for 
an  additional  $1,500,  $2,000  and  $4,000, 
respectively.  ■ 


range  servers  that  start  at  about 
$25,000  and  run  highly  transac¬ 
tional  programs,  such  as  data¬ 
bases  and  CRM  applications. 

The  first  version  of  Itanium, 
launched  in  May,  has  failed  to 
catch  on  and  is  regarded  by  ana¬ 
lysts  as  a  proof  of  concept.  Key  ap¬ 
plications, such  as  Microsoft’s  SQL 
Server, still  don’t  run  on  Intel’s  64- 
bit  platform. 

Intel,  which  will  sell  the  servers 
through  systems  integrators  and 
other  server  vendors,  has  not  re¬ 
vealed  pricing. 

Details,  such  as  pricing,  are  also 
sketchy  about  Sun’s  new  Linux- 
based  Intel  server,  which  is  code- 
named  Big  Bear  but  officially  will 
be  called  the  Cobalt  LX50. 

What  is  known  is  the  box  will  be 
the  company’s  first  general-pur¬ 
pose  server  to  run  Sun’s  home¬ 
grown  Linux  distribution. 

The  LX50  will  feature  two  720- 
byte  hard  drives,  and  future  ver¬ 
sions  will  likely  come  bundled 
with  Sun  software  for  grid  com¬ 
puting  and  Web  application  serv¬ 
ing.  Sun  would  not  comment  on 
the  server. 

While  Sun  is  in  no  way 
abandoning  SPARC-based  So¬ 
laris  boxes  running  Solaris  that 
power  many  data  center  appli¬ 
cations,  the  company  will  target 
the  Linux  box  at  edge  comput¬ 
ing  tasks,  such  as  streaming 
video  and  serving  e-mail.  The 
server  is  expected  to  compete 
with  products  from  Dell,  which 
has  taken  some  of  Sun’s  busi¬ 
ness  with  low-cost  machines. 

In  other  server  news: 

•  Sun  rounded  out  its  entry- 

See  Server,  page  86 
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■  THIS  WEEK'S  QUESTION: 


What's  the  IEEE’s 
802.3ah  Working 
Group  focused  on? 

Answer  this  and  nine  adtftonal  questions 
online  and  you  could  wm  $500!  Visit 

Network  World  Fusioo  and  enter  2349 
in  the  Search  box. 

www.nwfusion.com 
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Finally, 

a  grown-up  server 


Systems  Integration. 

a 

Outsourcing. 

\ 

i 

Infrastructure.  ill 

■ 

a 

Server  Technology. 

i 

a 

Consulting. 

Imagine  it: 

Scaling  up  to  a  server  for  mission-critical 
applications  that’s  stable,  easy  to  manage  and 
delivers  enterprise-class  performance.  All  in  a 
server  that  maximizes  the  benefits  of  your 
enterprise  operations. 


Done: 

Unisys  has  made  it  all  real  with  our  ES7000  server. 
It  harnesses  32  Intel®  Xeon™  Processors  for 
scalability  and  grown-up  enterprise-class 
performance.  Unisys  has  created  a  server  with 
advanced  systems  management  for  less 
babysitting  and  rock-solid  reliability  running 
Microsoft®  Windows®  2000  Datacenter  Server 
software.  It  all  adds  up  to  reduced  total  cost  of 
ownership  and  a  mature  server  environment  to 
simplify  your  operations. 

Server  Technology  with  precision  thinking, 
relentless  execution  to  drive  your  vision  forward. 


©  2002  Unisys  Corporation.  Unisys  is  a  registered  trademark  of  Unisys  Corporation  Irk 
Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  #?/.■••  Coipmaun- 
or  its  subsidiaries  in  the  United  States  and/or  other  countries  ©  2002  Microsoft  :.  ; 

All  rights  reserved.  Microsoft,  Windows  and  the  Windows  logo  are  either  registered  trauwrr 
or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 
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Sun's  Jini  developers  seek  respect 

Conference  attendees  say  versatile  technology  is  ahead  of  Web  services  development. 


■  BY  JOHN  COX 

BOSTON  —  Web  services  have 
their  place,  but  the  real  focus  for 
distributed  application  builders 
should  be  on  Jini,  according  to 
supporters  of  the  obscure  Sun 
technology 

About  150  developers  attending 
the  sixth  Jini  Community  Meeting 
last  week  heard  updates  on  new 
Jini  initiatives, such  as  Project  Rio, 
a  scheme  for  clustering  comput¬ 
ers.  They  also  learned  about  the 
payoffs  and  pitfalls  of  using  Jini  in 
everything  from  telecom  carrier 
operational  systems  to  mortgage 
rate  calculations  to  military  wea¬ 
pons  systems. 

The  resounding  themes  at  the 
meeting  included: 

•  How  Jini’s  radical  simplicity 
and  distributed  design  make  it 


possible  to  build  applications  as  a 
set  of  relatively  small,  intelligent, 
interacting  services. 

•  How  Jini  services  can  be 
quickly  and  easily  changed,  with¬ 
out  requiring  changes  elsewhere 
in  the  network. 

•  How  Web  services  will  have  to 
be  complemented  by  distributed 
functions  like  those  found  in  Jini, 
if  they  are  to  prove  reliable,  scal¬ 
able  and  adaptable  enough  for 
enterprise  computing. 

Introduced  bySun  in  1999,  Jini 
is  a  set  of  APIs  and  network  pro¬ 
tocols  that  developers  use  to  cre¬ 
ate  programs,  dubbed  Jini  ser¬ 
vices,  on  a  network  that  can  find 
what  they  need  from  other  Jini 
services  to  do  their  jobs. 

The  Jini  runtime  environment 
creates  a  set  of  basic  services, 
such  as  lookup,  a  distributed 


directory. 

When  a  new  Jini  service  is 
added  to  a  network,  it  seeks  out 
the  lookup  service,  and  registers 
itself.  The  lookup  service  then 
notifies  other  Jini  services  that 
have  a  standing  order  to  be  con¬ 
tacted  when  such  a  new  service 
shows  up  on  the  network. 

“The  lookup  service  is  like  a 
matchmaker!’  said  Jools  Entick- 
nap  a  consultant  who’s  working 
with  a  leading  British  telecom 
company  to  deploy  a  Jini  net¬ 
work.  “Once  it  matches  two  ser¬ 
vices,  it  steps  out  of  the  way’ 

Initially  positioned  as  a  means 
to  create  networks  of  embedded 
appliances  or  consumer  devices, 
a  use  that  hasn’t  materialized,  Jini 
has  been  written  off  numerous 
times  in  the  past  two  years. 

But  Enticknap  and  others  at  the 


Systinet  secures  Web  services 


■ 

PROFILE:  SYSTINET 

Location: 

Cambridge,  Mass. 

Founded: 

2000  (originally  called  Idoox  and  based  in  Prague) 

Business: 

Web  services  infrastructure  software. 

Key  personnel: 

CEO  is  Roman  Stanek,  who  previously  founded 
NetBeans,  a  maker  of  Java  development  tools 
for  Linux  that  he  sold  to  Sun  in  1999. 

Employees: 

70 

Financing: 

Privately  held;  Received  seed-round  funding  of 
$2.3  million  led  by  Windcrest  Partners,  3TS 
Venture  Partners,  and  EDventure  Holdings. 

Added  $21  million  in  venture  funding  from 
Warburg  Pincus  in  March. 

Key  customers: 

- 

JP  Morgan,  Ericsson,  Entergy,  DeutscheTelekom. 

_ A 

■  BY  JOHN  FONTANA 

CAMBRIDGE,  MASS.  —  Systinet 
this  week  will  add  security  and 
management  features  to  its  Web 
services  infrastructure  products 
in  an  attempt  to  address  two  of 
the  top  customer  concerns  with 
the  emerging  technology. 

The  highlight  of  the  company’s 
Web  Application  Services  Plat¬ 
form  (WASP)  4.0  is  a  security 
framework  that  controls  access 
to  environments  running  Systi¬ 
net ’s  Java  and  C++  servers. These 
WASP  servers  —  containers  in 
which  Web  services  components 
can  be  executed  —  run  atop  Web 
servers,  application  servers  or 
Java  servlet  engines  from  the 
likes  of  BEA  Systems,  IBM,  Micro 
soft,  Oracle  and  Sun. 

“The  problem  with  security  is  that  no  one  party 
owns  it  all. There  is  app  server  security  Web  services 
security,  back-end  security’ says  Susan  Aldrich, senior 
vice  president  for  consulting  company  Patricia 
Seybold  Group. “Systinet  has  done  a  fine  job  con¬ 
trolling  what  they  can  do  at  their  level  by  making 
security  accessible  to  application  developers  and  by 
easily  allowing  established  security  mechanisms  to 
be  plugged  into  the  platform.” 

The  Systinet  framework  incorporates  authentica¬ 
tion,  authorization,  encryption  and  document  vali¬ 
dation  or  nonrepudiation.  It  supports  HTTP  Basic, 
HTTP  Digest,  Simple  Public  Key  Mechanism  and 
Secure  Sockets  Layer  for  authentication.  The  Java 
server  relies  on  Java  Authentication  and  Author¬ 
ization  Service  to  work  with  corporate  authorization 
systems.  The  C++  server  integrates  authorization 
through  Lightweight  Directory  Access  Protocol  and 
Microsoft's  Active  Directory  XML-level  security  is  sup¬ 


ported  through  XML  Signature, XML  Encryption  and 
Security  Assertion  Markup  Language. 

“We  are  building  these  security  capabilities  into 
the  platform  so  you  don’t  have  to  build  security  into 
your  Web  services  code,”  says  Anne  Thomas  Manes, 
CTO  at  Systinet. 

WASP  4.0  servers  also  include  a  management  con¬ 
sole  for  the  entire  Web  services  platform  and  a  high- 
performance  Simple  Object  Access  Protocol  pro¬ 
cessing  engine  that  uses  streaming  technology. 
Systinet  also  has  added  support  for  Java  technology 
APIs  for  XML. Systinet,  which  began  in  2000,  has  its 
heritage  in  Java.  Founder  Roman  Stanek  also  created 
NetBeans.a  Java  development  tool  for  Linux. 

Systinet  is  offering  a  free  single-CPU  license  for  its 
server  products,  with  software  for  each  additional 
CPU  costing  $2,000.  WASP  also  includes  Universal 
Description,  Discovery  and  Integration  software  that 
is  priced  separately  at  $10,000  per  CPU. 

Systinet:  www.systinet.com 


meeting  said  such  pronounce¬ 
ments  were  premature  and  that 
Jini  has  a  range  of  uses  in  enter¬ 
prise  networks. 

Freddie  Mac,  the  federal  mort¬ 
gage  agency, attaches  a  Java  inter¬ 
face  to  existing,  complex  finan¬ 
cial  computations  that  are  written 
in  C++,  then  uses  Jini  services  to 
run  them  on  a  cluster  of  three 
Unix  PCs  and  two  low-end  Sun 
servers  to  get  faster  performance 
and  improved  scalability. 

Freddie  Mac  programmers  take 
advantage  of  a  Jini  concept 
called  the  “Java  Space,”  a  kind  of 
common  bulletin  board  used  by 
Jini  services  to  find  assignments 
and  post  results  of  the  jobs  they 
complete. 

“With  Java  Spaces,  there  is  no 
central  control  point  or  decision 
point:You  can  add  new  machines 
or  new  services,  and  not  one  line 
of  your  code  has  to  be  changed,” 
says  Oliver  Zeng,  lead  technology 
consultant  with  the  agency’s 
fixed-income  research  group. 

Few  programmers  interviewed 
at  the  conference  said  they  were 
working  with  Web  services,  ex¬ 
plaining  that  they’re  tackling 
more  complex  problems  than 
simply  using  XML  and  Simple  Ob¬ 
ject  Access  Protocol  to  exchange 
data  in  agreed-on  formats. 

But  Enticknap  is  using  Jini  as 
the  link  between  back-end  ser¬ 
vices,  including  billing  and  provi¬ 
sioning,  and  Web  services  on  the 
front  end.  This  setup  lets  a  com¬ 
pany  make  extensive  back-end 
changes  and  have  these  distrib¬ 
uted  to  the  various  Web  services 
automatically,  and  without  inter¬ 
ruptions,  he  said. 

Meeting  attendees  expressed 
skepticism  that  Web  services 
could  fulfill  the  overheated 
expectations. 

“In  Jini,  you  have  a  flexibility 
and  adaptability  that’s  not  evi¬ 
dent  in  Web  services,”  said  Nigel 
Warren,  director  of  technology 
for  IntraMission,  a  British  com¬ 
pany  that  has  created  a  Jini- 
based  product  for  the  telecom 
industry. 

“The  key  issue  with  Web  ser¬ 
vices  is,  first,  will  they  scale,  and 
second, how  will  I  change  them?” 
he  said.  ■ 
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Building  the  Optical  Enterp 

Cisco  COMET  provides  an  optical  answer  to  enterprise  requirements  for  voice, 

IP  convergence,  storage  and  more. 


I  Voice 


m. 


AS  ENTERPRISE  NETWORKS  INCREASE 

in  importance  to  business  operations,  network  architects 
must  continually  look  for  ways  to  meet  new  demands  for 
bandwidth,  resilience  and  performance.  At  the  same  time, 
enterprises  are  under  pressure  to  contain  costs  even 
while  they  are  being  asked  to  improve  service. 

Explosive  growth  in  e-commerce  and  Internet  transactions  is  driving  require¬ 
ments  for  higher  network  bandwidths.  For  many,  the  most  efficient  way  to  meet 
this  demand  is  to  build  a  single  high-performance  network  that  can  handle  all 
their  voice,  data  and  video  network  requirements.  Increasingly,  customers  will 
find  this  new  network  infrastructure  is  built  on  top  of  optical  technology.  Vendors 
such  as  Cisco  Systems,  with  its  Complete  Optical  Multi-service  Edge  and 
Transport  (COMET)  product  portfolio,  are 
delivering  optical  technology  tailored  to 
meet  enterprise  requirements. 

Enterprise  networks  have  grown  to  employ 
a  mix  of  services.  A  typical  network  may 
have  TDM  private  lines  supporting  voice 
with  frame  relay  and  ATM  services  handling 
data,  at  speeds  ranging  fromTI/EI  toT3/E3 
or  even  OC-3/STM-1  and  above.  On  the 
LAN,  Ethernet  rules,  with  speeds  consis¬ 
tently  increasing  from  its  original  10Mbps 
roots  on  copper  wire,  to  100M  and  gigabit 
speeds  on  both  copper  and  fiber.  Now 
lOGbps  Ethernet  is  even  starting  to  emerge 
in  both  the  LAN  and  metropolitan-area  net¬ 
works  (MANs). 

Today,  most  Ethernet  LANs  are  used  to 
transport  IP  traffic.  Once  used  solely  to 
carry  data,  with  the  dramatic  increase  in 
LAN  speeds  and  accompanying  improve¬ 
ments  to  the  protocol  itself,  IP  is  now  doing 
far  more.  Enterprises  are  finding  they  can 
build  all-IP  networks  that  support  all  of  their 
voice,  video  and  data  network  applications. 

Vendors  like  Cisco,  with  its  Architecture  for 
Voice,  Video  and  Integrated  Data  (AVVID), 

are  delivering  network  switches,  routers  and  other  components  that  make  truly 
converged  networks  possible.  AVVID  guarantees  not  only  the  availability  of 
large  amounts  of  bandwidth,  but  the  quality  of  service  (QoS)  characteristics 
required  by  delay-sensitive  applications  like  voice  and  video. 

Storage  is  another  application  that  comes  with  stringent  performance  and 
bandwidth  demands.  Whether  the  enterprise  chooses  to  deploy  storage-area 
networks  (SANs)  or  network-attached  storage  (NAS)  devices,  they  need  a  reli¬ 
able,  high-speed  network  underneath.  Business  continuance  applications  that 
demand  off-site  storage  require  these  networks  be  extended  across  the  metro 
area,  with  bandwidth  and  reliability  requirements  that  are  nearly  impossible  to 
achieve  with  traditional  wide-area  transport  services  such  as  frame  relay  and 
private  leased  lines. 

Converging  on  COMET 

A  confluence  of  factors  is  now  making  it  possible  for  enterprises  to  support 
bandwidth-intensive  applications  such  as  storage  consolidation  and  disaster 
recovery.  First  is  the  ability  to  lease  dark  fiber-optic  cable  and  optic  wavelengths 
from  service  providers.  Increasingly,  enterprises  are  finding  that  fiber  or  wave¬ 
lengths  are  available  to  a  number  of  their  buildings  in  any  given  metro  area,  hav¬ 
ing  been  laid  years  ago  by  carriers  in  anticipation  of  future  requirements.  New 
fiber  is  likewise  being  installed  at  a  steady  pace,  in  both  the  WAN  and  the  MAN. 

At  the  same  time,  carriers  and  enterprises  alike  now  have  the  technology 


required  to  “light"  that  previously  dark  fiber  and  use  it  to  support  their  myriad 
bandwidth  and  application  requirements.  Optical  technologies  like  Wave  Division 
Multiplexing  (WDM)  enable  any  service  to  be  carried  over  wavelengths  of  light. 
WDM,  integrated  as  part  of  a  Multi-service  Provisioning  Platform  (MSPP),  can 
carry  anything  from  Ethernet  traffic  to  ATM,  frame  relay  and  private  lines. 

"Optical  Fiber  and  DWDM  technology  enable  enterprise  customers  to  create  a 
very  high  bandwidth  optical  infrastructure  in  the  MAN  today,”  says  Carl 
Engineer,  director  of  marketing  at  Cisco.  "Multiple  wavelengths  can  be  used  to 
aggregate  all  types  of  traffic,  from  lower-speed  services  on  one  wavelength  of 
light  and  higher-bandwidth  services  such  as  ESCON,  Fibre  Channel  and  uncom¬ 
pressed  digital  video  over  other  wavelengths.” 

Cisco  gives  enterprises  the  opportunity  to  take  advantage  of  optical  technolo¬ 
gy  through  its  COMET  product  portfolio.  COMET  provides  an  array  of  optical 
networking  equipment  that  enables  enterprises  to  extend  and  manage  across 
the  MAN  all  the  voice,  data  and  video  applications  that  Cisco  AVVID  technolo- 


Cisco  COMET:  The  Optical  Foundation  for  Cisco  AVVID 

The  Cisco  COMET  portfolio,  anchored  by  the  ONS  switch  family,  enables  enterprises  to  support  any  mix  of  voice, 
video,  data,  storage  and  disaster  recovery  applications. 
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gy  has  long  supported  in  campus  networks. 

COMET  builds  on  the  wealth  of  experience  in  routing  and  switching  that  is 
inherent  in  the  Cisco  IOS  infrastructure  and  blends  it  with  carrier-class  optical 
technology.  COMET  provides  for  the  provisioning  of  any  enterprise  network  ser¬ 
vice  or  application  over  an  optical  network  with  no  single  point  of  failure.  QoS 
capabilities  are  likewise  supported  end-to-end,  as  COMET  equipment  can  inter¬ 
operate  fully  with  an  enterprise's  existing  Cisco  internetworking  equipment  and 
with  carrier-provided  services. 

That's  an  important  point,  Engineer  notes,  because  fiber  deployment  is  an  evo¬ 
lutionary  process.  “In  any  one  city,  the  probability  that  you’ll  be  able  to  tie  100% 
of  your  buildings  together  with  fiber  is  fairly  low,  but  there’s  a  high  probability 
that  you’ll  be  able  to  reach  40%, "  he  says.  That  means  enterprises  will  need  a 
hybrid  architecture  for  some  time,  one  capable  of  mixing  private  optical  services 
where  fiber  is  available  and  carrier-provided  services  where  it  is  not. 

Overtime,  enterprises  will  be  able  to  converge  all  of  their  voice,  data,  video  and 
storage  networks  onto  a  single,  highly  resilient  optical  infrastructure,  providing 
cost  efficiencies  in  terms  of  operational  expenses  and  recurring  carrier  charges 
while  positioning  the  enterprise  to  meet  future  demands. 

In  short,  the  Cisco  COMET  portfolio  enables  enterprises  to  cost-effectively 
meet  the  demand  for  reliable,  high-performance  networks  that  support  con¬ 
verged  voice,  data  and  video  applications  today  while  positioning  them  to  meet 
whatever  new  requirements  the  future  may  bring. 


Learn  more  about  optical  networking  with  Cisco  COMET: 
Download  a  COMET  white  paper  from  WWW.nwfusion.com/gocc/opticaiv>' 
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Corporate  instant  messaging 

Many  corporations  are  now  using  instant  messaging  or 
considering  its  use,  according  to  a  survey  of  164  IT 
managers  by  Osterman  Research. 

Which  of  the  following  best  describes  your 
company's  current  or  planned  use  of 
instant  messaging  (IM)  for  business 
applications? 

■  We  are  currently  using  IM. 

■  We  are  not  using  IM,  but  we  will  do  so. 

■  We  are  not  using  IM,  but  we  may  do  so. 

We  have  no  plans  to  use  IM. 


28.7% 

29.3V 

11%  i 

Which  of  the  following  best  describes 
your  IT  organization's  current 
attitude  toward  instant  messaging? 


Supports  it. 

I  Neutral 

I  Opposes  it,  but  not  doing  anything  about  it. 
I  Opposes  it  actively. 

I  Hasn’t  really  thought  about  it. 


Note:  Numbers  are  rounded  up. 


Vendor 
lays  out 
its  firewall 
road  map 

■  BY  ELLEN  MESSMER 

SAN  JOSE  —  Secure  Com¬ 
puting  this  week  will  outline 
plans  to  boost  the  management 
capabilities  of  its  Gauntlet  and 
Sidewinder  firewalls  and  will  pre¬ 
view  a  more  scalable  and  fea¬ 
ture-filled  firewall/VPN  box  that 
will  replace  those  products  by 
the  middle  of  next  year. 

The  new,  as  yet  unnamed  de¬ 
vice  will  combine  the  best  of  the 
company’s  firewalls,  such  as  the 
ability  to  run  antivirus  software 
and  perform  Fbrt  80  HTTP  appli¬ 
cation  filtering. The  new  box  also 
will  boast  multigigabit  speeds 
and  support  for  hundreds  of 
thousands  of  simultaneous  con¬ 
nections  (the  existing  products 
max  out  at  roughly  650M  bit/sec 
and  70,000  connections). 

Other  features  will  include  Ac¬ 
tive  Directory  support,  antidistrib¬ 
uted  denial-of-service  attack  tech¬ 
nology  and  reporting  functions. 

The  box  will  feature  improved 
management  capabilities  that  Se¬ 
cure  Computing  first  will  make 
available  later  this  year  for  its 
existing  Gauntlet  and  Sidewinder 
products,  both  of  which  the  com¬ 
pany  plans  to  support  into  2004. 
Questions  about  product  support 
for  the  two  lines  were  triggered  in 
February  by  Secure  Computing’s 
acquisition  of  Gauntlet  from  Net¬ 
work  Associates  for  what  sources 
said  was  about  $5  million. 

The  new  management  capabil¬ 
ities,  in  what  Secure  Computing 
will  call  its  Enterprise  Manage¬ 
ment  Server,  give  the  company 
an  answer  to  Check  Point  Soft¬ 
ware’s  management  software, 
which  is  known  for  its  ability  to 
distribute  firewall  policies  to  hun¬ 
dreds  of  firewalls  at  once. 

“That’s  something  we  can’t  do 
today’  says  Brian  Carver,  corpo¬ 
rate  information  security  officer 
at  Blue  Cross/Blue  Shield  of  Kan¬ 
sas,  a  Sidewinder  customer. 

Management  configuration, 
such  as  blocking  FTP  or  telnet,  is 
done  manually  for  each  Secure 
Computing  firewall. 

Secure  Computing  also  is  work¬ 
ing  on  software  that  ensures 
back-up  Sidewinder  or  Gauntlet 
firewalls  not  only  restore  service 
but  also  maintain  the  state  of  the 
firewall  connection  ■ 


■  BY  JOHN  FONTANA 

With  demand  for  corporate- 
class  instant  messaging  expected 
to  soar  over  the  next  few  years, 
start-up  Linqware  this  week  will 
try  to  help  satisfy  the  demand 
with  a  product  aimed  at  thin- 
client  terminals. 

Meanwhile,  established  cor¬ 
porate  instant-messaging  pro¬ 
vider  Jabber  will  take  the  wraps 
off  its  newest  Web-based  in¬ 
stant-messaging  client,  which 
will  let  the  technology  be  inte¬ 
grated  into  corporate  applica¬ 
tions  and  portals. 

The  number  of  users  of  corpo¬ 
rate  instant  messaging  is  ex¬ 
pected  to  grow  to  200  million  by 
2006,  according  to  a  forthcoming 
report  by  Ferris  Research.  Cur¬ 
rently  there  are  nearly  20  million 
corporate  users. 

“There  is  a  growing  awareness 
of  the  benefits  of  instant  messag¬ 
ing,”  says  Michael  Sampson,  an 
analyst  with  Ferris.  “Growth  will 
be  fueled  by  incorporation  of  in¬ 
stant  messaging  into  other  appli¬ 
cations, such  as  supply-chain  sys¬ 
tems  and  CRM.” 


But  observers  say  network  ex¬ 
ecutives  are  still  assessing  linger¬ 
ing  security  concerns  about  the 


technology,  especially  opening 
holes  in  their  firewalls  to  accom¬ 
modate  instant-messaging  traffic. 


Packeteer  adds  deep  reporting 


■  BY  JENNIFER  MEARS 

CUPERTINO,  CALIF  —  Packeteer  this  week  will 
unveil  reporting  features  for  its  AppCelera  Web 
acceleration  device  that  use  real-time  traffic  figures 
to  give  companies  an  in-depth  look  at  how  their 
online  applications  are  performing. 

The  reporting  features  come  in  PacketWise/XA 
3.0,  which  is  the  software  that  powers  the 
AppCelera  device.  With  the  updated  software, 
AppCelera’s  reporting  capabilities  will  go  beyond 
basic  bandwidth-utilization  information  to  help 
companies  perform  tasks  such  as  comparing  per¬ 
formance  during  specific  time  periods,  under¬ 
standing  how  users  are  accessing  Web  sites,  and 
drilling  down  into  response  times  for  URL,  direct¬ 
ory,  server  or  geographic  location. 

“We’ve  added  a  full  database  that’s  collecting  real¬ 
time  data  at  all  times  on  a  lot  of  different  metrics  that 
might  interest  a  Web  site  or  application  administra¬ 
tor’’ says  Steve  House,  manager  of  product  marketing 
for  AppCelera. 

AppCelera  sits  in  front  or  alongside  Web  servers 
and  determines  how  a  user  is  accessing  an  online 
application  or  Web  site,  whether  by  low-speed  dial¬ 
up  or  high-speed  access,  and  what  browser  is  being 
used  to  access  the  content.  In  response,  AppCelera 
uses  compression  and  image 
conversion  technologies  to 
deliver  content  in  the  best  way 
for  the  user. 

Dean  Ellerton,  director  of 
technology  at  Suffield  Acad¬ 


emy  in  Connecticut,  says  he’s  eager  to  use  the 
enhanced  reporting  features.  The  older  version  of 
AppCelera  provided  basic  information  but  didn’t 
get  into  a  lot  of  performance  detail,  he  says. 

“Now  you  can  say, ‘I’d  like  to  know  for  this  domain, 
for  example,  over  the  last  week,  how  it’s  performed.’ 
And  it  will  give  you  some  very  nice  graphs  and  data 
that  you  can  export  to  be  able  to  compare  what  it’s 
been  doing,”  he  says. 

AppCelera  competes  with  products  from  compa¬ 
nies  such  as  FineGround  Networks,  RedLine  Net¬ 
works  and  BoostWorks.  The  new  reporting  tool  is 
more  extensive  than  other  products,  analysts  say 

PacketWise/XA  3.0  for  AppCelera  is  in  beta  testing 
and  will  be  generally  available  in  early  August. 

The  company  also  will  announce  a  redesign  of  its 
centralized  reporting  application,  ReportCenter,  that 
aggregates  performance  information  for  its  band- 
width-management  PacketShaper  and  application- 
management  AppVantage  systems. 

The  revamped  ReportCenter  for  the  first  time  col¬ 
lects,  processes  and  aggregates  performance  data 
from  PacketShaper  and  AppVantage  devices,  giving 
customers  a  comprehensive  look  at  how  their  net¬ 
work  is  performing.  It  also  includes  an  easier-to-use 
interface  and  preconfigured  reports  that  cover  met¬ 
rics  such  as  availability,  throughput  and  application 
performance.  ReportCenter 
2.0  also  is  undergoing  beta 
testing  and  will  be  available  in 
October.  Pricing  for  each  will 
vary  depending  on  size  of 
deployments.  ■ 
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Regardless,  Gartner  predicts 
that  by  2005,  instant  messaging 
will  be  integrated  into  50%  of  the 
applications  that  businesses  use 
to  directly  interact  with  channel 
partners  and  customers. 

It's  in  that  environment  that 
Linqware  is  introducing  its 
Collabrix  platform,  which  in¬ 
cludes  a  server  that  manages, 
tracks  and  archives  instant-mes¬ 
saging  usage.  The  client  software, 
while  suitable  to  run  on  a  desk¬ 
top,  is  being  targeted  for  use  in  a 
Citrix  thin-client  environment. 
(Read  more  about  another  Citrix 
rollout,  page  27.) 

“We  use  Citrix  to  support  access 
to  our  systems  from  our  remote 
franchises, ’’says  Dave  Malys, direc¬ 
tory  of  instant  messaging  for 
Miralink  Group,  an  outsourcer  of 
payroll,  benefits  and  other 
employer  services.  “We  tried  AOL 
but  blocked  it  because  of  vulner¬ 
abilities,  and  we  couldn’t  use  in¬ 
stant  messaging  through  [Micro¬ 
soft’s]  Exchange  2000  because 
our  franchise  offices  don’t  run 
that  software.”  He  says  Citrix  was  a 
natural  for  instant  messaging. 

A  key  feature  is  a  unique  “co¬ 
pilot”  option  that  lets  users  share 
an  application  from  within  the 
Collabrix  client,  Malys  says. 

The  Collabrix  server,  which  runs 
on  Windows  9X,  NT  and  2000,  also 
lets  Malys  archive  instant-messag¬ 
ing  threads,  another  key  demand 
by  corporate  users. 

Others  vendors,  such  as  Wired- 
Red,  are  beginning  to  offer  simi¬ 
lar  features  (see  related  story, 
page  33). 

The  Collabrix  platform,  includ¬ 
ing  server,  costs  $100  per  user. 

Jabber,  meanwhile,  is  introduc¬ 
ing  Version  1.3  of  Jabber  Web- 
Client,  which  can  now  be  embed¬ 
ded  in  other  applications.  Pre¬ 
viously, WebClient, which  does  not 
require  any  dient-side  software, 
popped  up  as  a  separate  window. 

“If  you  want  to  build  chat  into  a 
portal, your  customers  stay  within 
that  portal.  They  don’t  go  to 
another  application,”  says  Paul 
Hemming,  product  manager  for 
Jabber  client  software. 

Jabber,  which  competes  with 
such  instant-messaging  platforms 
as  Lotus  Sametime  and  Windows 
Messenger,  also  has  added  text 
conferencing  and  sound  notifica¬ 
tion  to  WebClient,  along  with  sup¬ 
port  for  Secure  Sockets  Layer. 

WebClient  is  included  with 
Jabber  IM  Server,  which  costs 
$3  to  $16  per  seat  depending 
on  volume.  ■ 
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ET  vendors  ready  wares  for  retail  crowd 


■  BY  ANN  BEDNARZ 

CHICAGO  —  With  retailers  shifting  from 
a  build-it-in-house  to  a  buy-it-off-the-shelf 


mentality  vendors  exhibiting  this  week  at 
one  of  the  retail  industry’s  biggest  network 
and  IT  conferences  hope  to  snare  some  of 
their  spending  money 


Organizers  expect  the  Retail  Systems 
2002/VICS  Collaborative  Commerce  con¬ 
ference  to  draw  between  3,500  and  4,000 
attendees,  which  is  roughly  in  line  with 
last  year’s  attendance;  272  exhibitors  are 
lined  up,  down  from  last  year’s  340 
exhibitors.The  show  consolidates  two  pre¬ 
viously  separate  but  concurrent  events. 

Experts  say  retailers'  IT  dollars  are  ear¬ 
marked  these  days  for  point-of-sale  (POS) 
upgrades,  communications  infrastructure, 
application  integration  and  data  analyt¬ 
ics, among  other  areas.In  general, there’s  a 


ing  is  to  let  retailers  and  suppliers  manage 
real-time  information  starting  at  the  pur¬ 
chasing  point  and  extending  into  the 
retail  supply  chain  via  kiosks,  wireless 
devices  and  servers,  the  companies  say. 

Others  announcing  products  at  the 
show  include: 

•  Texas  Instruments,  which  will  show  its 
new  line  of  radio  frequency  identification 
(RFID)  smart  label  components,  which 
will  let  retailers  track  items  at  various 
points  along  the  supply  chain,  including 
at  manufacturing  facilities,  distribution 


Cisco  Systems 


Cisco  Press 


MPLS  Solutions  from  Cisco  Press 


Master  MPLS  and  VPI\I  construction 
and  prepare  for  the  CCIP™  MPLS  exam 

ISBN:  1-58705-081-1 


Maximize  your  network  efficiency 
through  MPLS  TE 

ISBN:  1-58705-031-5 


|k 


Understand  advanced  MPLS 
implementations 

ISBN:  1-58705-020-X 


Additional  Switching  Solutions 

CCIE  Routing  and  Switching  Exam  Certification  Guide  ISBN:  1-58720  053  8 
Building  Cisco *  Multilayer  Switched  Networks  ISBN:  1-57870-093-0 
Cisco  LAN  Switching  ISBN:  1-57870-094-9 
Cisco  Interactive  Mentor,  LAN  Switching  ISBN:  1 -58720-02 1-X 


Visit  ciscopress.com  for  more  information  about  these  and  other 
Cisco  Press  book  and  software  products. 
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Retailers  say  application  integration  and  data  delivery  are  top 
investment  priorities  for  their  back-end  systems. 

Improving  integration  among  corporate  systems 

47.9% 

Information  access  and  dissemination,  such  as  data  mining 

46.5% 

Inventory  management  and  optimization 

39.4% 

Warehouse  logistics 

38% 

Distribution  center  productivity 

31% 

Core  merchandising  systems 

28.2% 

Supplier  and  partner  collaboration 

23.9% 

Revenue  and  price  optimization 

21.1% 

Administration,  financials,  human  resources 

14.1% 

Global  sourcing  and  import  management 

2.8% 

source  p wc  consulting  and  executive  technology  based  on  a  survey  or  :»  retau 

EXECUTIVES;  MULTIPLE  RE SPONSES  A LIOWEO. 

• _ _ _ _ _ 

C«OS  AND  IT 

move  under  way  from  custom-built  appli¬ 
cations  to  packaged  applications,  accord¬ 
ing  to  a  survey  of  71  retail  CIOs  and  IT 
;  executives  conducted  this  spring  by 
PricewaterhouseCoopers  and  Executive 
Technology  The  survey  found  49.3%  of 
respondents  expect  to  have  mainly  pack¬ 
aged  applications  within  three  years. 

POS  systems,  in  particular,  are  getting  a 
lot  of  attention.  In  many  cases,  POS  sys¬ 
tems  are  10  to  20  years  old  —  and  some¬ 
times  even  as  old  as  the  cashiers  operat¬ 
ing  them,  PricewaterhouseCoopers  ana¬ 
lysts  found.  Aging  POS  systems  are  a  con¬ 
stant  drain  on  IT  resources,  can’t  support 
emerging  applications  and  typically  are 
poorly  integrated  with  other  systems.  As  a 
result,  59.3%  of  respondents  say  replacing 
or  extending  the  life  of  POS  registers  is 
their  No.  1  spending  priority  for  customer¬ 
facing  systems. 

Just  in  time,  retail  software  maker  Retek 
will  debut  a  POS  product  at  this  week’s 
show.  Retek  traditionally  offers  software 
for  CRM,  supply-chain  management,  and 
retail  planning  and  optimization.  Now, 
through  its  April  acquisition  of  Chelsea 
Market  Systems,  Retek  has  a  new  POS  sys¬ 
tem  to  add  to  its  portfolio:  the  Java-based 
Retek  Pbint-of-Service  product. 

Microsoft  and  Intel  also  have  their  sights 
set  on  POS.  Along  with  Pricewaterhouse¬ 
Coopers,  the  companies  will  announce  at 
the  show  plans  to  deliver  a  POS  system 
based  on  Intel’s  processors,  Microsoft’s 
operating  system  and  Pricewaterhouse¬ 
Coopers  systems  integration  expertise. 
The  goal  of  the  trio’s  Extended  POS  offer- 


centers  and  retail  stores.  A  demonstration 
at  the  show  will  include  a  reader  that  can 
identify  boxed  RFID-tagged  items  —  to 
show  that  line-of-sight  is  not  required  — 
and  an  in-store  scenario  with  RFID- 
enabled  shelves  for  quickly  locating  mer¬ 
chandise. 

•  Brickstream,  a  start-up  that  launched 
in  January  with  a  suite  of  video-based 
monitoring  software  for  tracking  cus¬ 
tomer  service  and  merchandising  effec¬ 
tiveness,  will  unveil  tools  that  alert  retail¬ 
ers  through  wireless  devices  when  certain 
events  occur  in  their  stores,  such  as  long 
checkout  lines,  people  abandoning 
checkout  lines,  or  unusually  high  cus¬ 
tomer  arrival  rates.  Brickstream  Alerts  will 
deliver  an  alert  message  to  any  e-mail- 
compatible  device  such  as  a  PDA,  cell 
phone,  pager  or  in-store  wireless  phone.  ■ 


Corrections 


■  The  story  “Newcomers  angle  for  secur¬ 
ity  role,"  (June  17,  page  1)  should  have 
stated  that  Wells-Dairy  is  deploying  Sygate 
on  500  desktops. 

■  In  the  story  “Vendor  gussies  up  free¬ 
ware  to  solve  net  mgmt.  needs"  (June  17, 
page  14)  the  Net  Vigil  software  is  not  the 
Nocol  freeware  application  packaged  as  a 
commercial  product.  Nocol  performs  only 
lault  management;  NetVigil  does  perfor¬ 
mance  management  as  well. 


Advertising  Supplement 


Cisco  AWID  Partner  Program 


IN  A  WORLD  FULL  OF  ACRONYMS  AND  JARGON, 

I  often  wonder  if  the  simplicity  of  an  architectural 
approach  to  technology  solutions  gets  lost.  According 
to  the  Meniam-Webster  Collegiate  Dictionary,  a  definition  of 
the  word  architecture  is  “a  unifying  or  coherent  form  or 
structure."  Cisco  AVVID  (Architecture  for  Voice,  Video 
and  Integrated  Data)  is  an  acronym  that  describes  an 
architectural  approach  to  technology  that  unifies. 

Today’s  Internet  business  solutions  require  an  intelligent 
network  infrastructure,  and  Cisco  AVVID  provides 
the  industry  an  enterprise-wide,  standards- based  net¬ 
work  architecture.  Cisco  AWID  delivers  the  road 
map  for  unifying  business  and  technology  strategies 
into  one  cohesive  model. 

However,  as  the  economy  changes  and  savvy 
companies  change  with  it,  clearly  one  cannot  live 
and  work  in  a  vacuum.  Working  with  partners  is 
crucial  to  success  and  critical  in  meeting  changing 
customer  needs. 

The  Cisco  AVVID  Partner  Program  is  an  interoperabil¬ 
ity  testing  and  co-marketing  program  enabling  leading 
product  and  services  firms  to  deploy  innovative  e-business 
solutions. The  program  provides  enterprise  customers 
with  information  regarding  Cisco  AVVID  partner  prod¬ 


ucts  and  services  that  an  independent  testing  facility  has 
tested,  verified  and  found  to  interoperate  with  a  specified 
version  of  Cisco  networking  technology.  Enabled  by 
Cisco  AVVID  and  key  partners,  these  solutions  foster 
innovation,  drive  industry  standards,  and  accelerate  the 
integration  of  business-critical  technologies  with  an  open, 
standards-based  network  architecture. 

The  seven  technology  solution  areas  in  the  Cisco 
AVVID  Partner  Program  are:  Content  Networking, 
Customer  Contact,  IP  Telephony,  IP  Videoconferencing, 
Network  and  Service  Management,  Security  and  VPN, 
and  Storage  Networking. 

The  next  few  pages  will  talk  about  ten  Cisco  AVVID 
partners,  along  with  their  customers,  as  they  speak  to  the 
success  and  simplicity  of  an  architectural  approach  to 
technology  solutions  and  the  many  benefits  attained  by 
working  together  through  the  Cisco  AVVID  Partner 
Program. 

Best  Regards, 

Michael  Swailes 

Director,  Enterprise  Marketing 

Cisco  Systems,  Inc. 


Total  Infrastructure  Support 


Today,  your  job  as  a  Network  Executive 

is  all  about  return  on  investment.  You  must  ensure 
that  every  dollar  spent  on  technology  helps  your 
company  do  business  better,  faster  and  easier  than  ever 
before.  There  are  several  things  you  can  do  to  guar¬ 
antee  success. 

The  first  is  to  build  a  network  infrastructure  that 
is  capable  of  supporting  a  whole  range  of  applica¬ 
tions  and  services  like  VoIP,  unified  messaging,  cus¬ 
tomer  relationship  management,  e-commerce  and 
QoS. This  requires  a  road  map  for  a  comprehensive 
network  architecture  that  provides  interoperability, 
addresses  quality  and  end-to-end  security,  covers 
management  and  monitoring,  and  paves  the  way  for 
future  services  that  we  have  yet  to  envision. 

Second,  find  partners  who  can  help.  With  a  myriad  of 
complex  technologies  and  issues,  it’s  far  easier  to  accom¬ 
plish  your  goals  with  skilled  and  knowledgeable  partners 
who  can  not  only  provide  the  equipment  and  software, 
but  who  also  understand  the  overarching  architecture. 


One  company — Cisco  Systems — is  building  total 
infrastructure  solutions  via  technology  partners,  and  then 
forging  relationships  with  Network  Executives  to  help 
them  implement  their  network  strategies  and  achieve 
their  business  and  ROI  goals. The  Cisco  AVVID  Partner 
Program  includes  partners  and  products  that  are  focused 
on  delivering  speed,  reliability,  cost  reduction  and  inter¬ 
operability  to  their  customers.  With  over  200  partners, 
and  growing,  the  Cisco  AVVID  Program  enables  tech¬ 
nologies  such  as  voice  and  video,  content  networking, 
VPNs,  security,  optical  networking  solutions  and  more. 
Read  on  to  learn  about  some  of  the  products,  services 
and  solutions  available  from  the  Cisco  AVVID  Program 
and  its  partners. 

Best  Regards, 

Evilee  Thibeault 
Publisher  &  CEO 
Network  World 


for  Voice,  Video  and  Integrated  Data 
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IP  Contact 
Solution 
Answers 
the  Call 


arc 


A  new  software- based  contact  center 
positions  Contact  III  for  growth 


Brokerage 
Security  Is 
Right  on  the 

Money  ubizen 

KBC  Securities  turns  to  we  secure  e-business 

a  managed  security  service  provider  to 
monitor  its  online  trading  system 


Contact  III,  a  unit  of  Pertemps,  a  large  U.K.- 

based  recruitment  agency,  had  a  humble  begin¬ 
ning — the  business  provided  contact  center 
services  with  a  few  agents  working  from  a  basement. 
About  the  time  the  company  had  evolved  to  55  seats 
over  two  offices,  Contact  III  faced  a  sudden  growth 
spurt.  Contact  Ill’s  largest  customer  needed  the  provider 
to  nearly  double  its  contact  center  capacity,  under  a  very 
tight  deadline.  Finding  the  right  contact  center  system 
was  paramount.  Moving  quickly,  the  Contact  III  team 
decided  on  a  “soft”  or  IP  contact  center,  based  on  a 
unique  combination  of  Cisco  CallManager  and  an  auto¬ 
matic  call  distribution  sys¬ 
tem  (ACD)  from  ARC 
Solutions,  a  Cisco  AWID 
IP  Telephony  partner.  Calls 
are  now  routed  to  agents 
based  on  skill  level,  rather 
than  just  availability,  and  the 
center  can  handle  e-mail 
and  Web  inquiries  in  addi¬ 
tion  to  phone  calls.  Also, 
the  contact  center  manager 
has  a  host  of  reports  avail¬ 
able  at  a  few  clicks  of  the 
mouse.  Due  to  the  Cisco 
and  ARC  Solutions  IP 
Telephony  deployment, 
Contact  III  has  expanded 
to  a  flexible,  scalable,  fully 
featured  contact  center  that  is  better  able  to  serve  its  cus¬ 
tomers’  ever-changing  needs.  And  being  poised  for  future 
growth  is  a  value-add  for  any  business. 


Due  to  the  Cisco 
and  ARC  Solutions 
IP  Telephony 
deployment, 
Contact  III  has 
expanded  to  a 
flexible,  scalable, 
fully  featured 
contact  center 
that  is  better  able 
to  serve  its 
customers’ 
ever-changing 
needs. 


When  KBC  Securities,  Belgium’s  largest  broker¬ 
age  house,  launched  an  online  trading  applica¬ 
tion  two  years  ago,  security  was  the  overrid¬ 
ing  concern.  Like  most  financial  institutions,  KBC 
Securities  knew  it  could  not  afford  to  be  hacked  and 
break  trust  with  its  customers.  But  the  IT  organization 
was  aware  that  it  did  not  have  the  staffing  resources  to  take 
on  the  task  of  round-the-clock  monitoring  and  manage¬ 
ment  of  security  devices.  The  solution  for  KBC  Securities 
was  a  combination  of  Cisco  P1X®  firewalls  along  with 
Web  server  security  software  and  a  managed  security 
service  provided  by  Ubizen,  a  Cisco  security  and  VPN 
(virtual  private  network)  AWID  partner.  The  Ubizen 

OnlineGuardian®  managed 


The  result  of  this 
relationship  between 
Cisco  and  Ubizen  is 
a  highly  secure  trading 
operation — with  no 
breaches  in  more 
than  two  years  of 
operations. 


security  service  provides 
24x7,  follow-the-sun  mon¬ 
itoring  and  management  of 
all  of  KBC  Securities’  fire¬ 
walls  from  security  opera¬ 
tions  centers  in  Europe  and 
the  United  States.  KBC 
Securities  also  installed 


Ubizen  DMZ/Shield™,  an 
application-level  firewall  designed  to  stop  malicious  attacks 
such  as  the  “Code  Red”  virus  as  well  as  denial-of-service 
attacks,  buffer  overflows  and  mere  password  snooping.  The 
result  of  this  relationship  between  Cisco  and  Ubizen  is  a 
highly  secure  trading  operation — with  no  breaches  in 
more  than  two  years  of  operations.  The  added  benefits  are 
continuous  coverage  at  about  half  of  what  it  would  cost 
KBC  Securities  to  monitor  and  manage  the  system  itself, 
as  well  as  increased  customer  confidence  in  the  security  of 
KBC  Securities’  Web  site. 


The  ARC  Solutions-Cisco  AWID  IP 
Telephony  solution  for  Contact  III  can 
be  found  at: 

www.nwfusion.com/go/contact3 


The  Ubizen-Cisco  AWID  Security 
Services  solution  for  KBC  Securities 
can  be  found  at: 


Architecture  for  Voice, 


Video  and  Integrated  Data 
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Authentication 

Is  Good  secure 
Medicine  computing 


Kindred  Healthcare’s  remote  access 
solution  enhances  patient  care  while 
protecting  privacy 


Kindred  Healthcare,  a  provider  of  long-term 

healthcare  services,  operates  hospitals  and  nursing 
homes  in  43  states  and  manages  53,000  employ¬ 
ees.  The  Louisville,  Kentucky-based  organization  knew  it 
needed  a  better  remote  access  method  for  mobile 
employees.  Physicians  and  administrative  personnel  who 
needed  to  access  network  applications  away  from  the 
office  were  frustrated  by  the  dial-up  access  method  they 
were  using.  In  particular,  dial-up  was  too  slow  for  doctors 
to  transmit  x-rays  and  other  high-bandwidth  images  from 
remote  locations.  Creating  a  secure  virtual  private  net¬ 
work  (VPN)  over  the 

With  this  two-factor 
authentication  system, 
along  with  state-of-the- 
art  security  technology 
from  Cisco,  Kindred 
Healthcare  is  in  a  good 
position  to  meet  HIPAA 
requirements. 


public  Internet  seemed 
an  obvious  choice. 
Kindred  Healthcare 
turned  to  Cisco  Systems 
and  Cisco  AVVID  part¬ 
ner  Secure  Computing 
for  an  end-to-end  solu¬ 
tion.  Cisco  supplied  the 
Cisco  VPN  3015 


Concentrator,  Cisco  Secure  Access  Control  Server  (ACS) 
and  Cisco  PIX®  firewalls,  while  Secure  Computing  pro¬ 
vided  Safe  Word™  Premier  Access™,  a  user  authentica¬ 
tion  and  authorization  technology.  With  this  two-factor 
authentication  system,  along  with  state-of-the-art  security 
technology  from  Cisco,  Kindred  Healthcare  is  in  a  good 
position  to  meet  the  requirements  of  the  Health 
Insurance  Portability  and  Accountability  Act  (HIPAA) , 
which  mandates  that  providers  demonstrate  robust  securi¬ 
ty  of  patient  records  by  April  2003. The  solution  also 
enables  Kindred  Healthcare  doctors  to  provide  more  effi¬ 
cient,  more  responsive  care  to  their  patients,  a  payback 
that’s  invaluable. 


Filtering: 

It’s  Academic 


Midway  Independent  Schools  provide  a 

broad  set  of  ^ _ websei 

acceptable  sites  EMPL0VEE  ,NTERNET  MANAGEMENT 

to  students  while  maximizing  bandwidth 


The  Texas  Midway  Independent  School  District 

needed  a  way  to  safeguard  its  students  from  some 
of  the  adult  and  inappropriate  content  on  the 
Web.  Rather  than  trying  to  continually  monitor  individual 
Internet  access  from  all  1,200  of  its  student  workstations, 
Midway  chose  a  solution  that  combines  the  Cisco  PIX® 
Firewall  and  Cisco  Content  Engine  from  Cisco  Systems 
with  Internet  filtering  software  from  Websense,  a  member 
of  the  Cisco  AVVID  Partner  Program  for  security  and  vir¬ 
tual  private  networks  (VPNs). Websense  Enterprise  soft¬ 
ware  works  with  the  Websense  Master  Database,  which 
consists  of  3.4  million  Web  sites,  providing  students  with 
an  array  of  approved  content  while  protecting  them  from 
unapproved  material.  These  safety  measures  also  protect 

The  Cisco  AWID  the  district’s  federal  funding' 


relationship  between 
Cisco  and 
Websense,  which 
includes  product 
interoperability  test¬ 
ing  to  meet  the 
Cisco  AWID  interop¬ 
erability  require¬ 
ments,  enables 
Midway  students  to 
safely  mine  the  rich 
resources  of  the 
Internet. 


which  would  be  in  jeopardy 
if  the  school  system  were 
found  to  be  in  violation  of 
the  Children's  Internet 
Protection  Act  (CIPA).The 
act  mandates  that  schools 
take  specific  precautions 
regarding  Internet  access.  In 
addition,  the  Cisco  and 
Websense  solution  includes 
a  reporting  mechanism  that 
enables  the  school  district  to 
track  where  users  spend 
their  time  and  spot  when 


someone  tries  to  get  to  a 
banned  site. The  Cisco  AVVID  relationship  between  Cisco 
and  Websense,  which  includes  product  interoperability 
testing  to  meet  the  Cisco  AWID  interoperability  require¬ 
ments,  enables  Midway  students  to  safely  mine  the  rich 
resources  of  the  Internet. 


The  Secure  Computing-Cisco  AWID 
Security  and  VPN  solution  for  Kindred 
Healthcare  can  be  found  at: 


The  Websense-Cisco  AWID  Security, 
Content  Networking  and  Internet  filter¬ 
ing  solution  for  the  Texas  Midway 
Independent  School  District  can  be 
found  at:  www.nwfusion.com/go/midway 
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Fighting 

Infection 


A  multivendor  security  infrastructure  helps 
a  New  York  healthcare  provider  keep  its 
patient  data  safe 

New  York  City  Health  and  Hospitals  Corp. 

(NYCHHC) — the  largest  municipal  healthcare 
provider  in  the  country — needed  to  strengthen 
network  security.  The  date  was  approaching  when  all 
healthcare  providers  would  have  to  comply  with  the 
Health  Insurance  Portability  and  Accountability  Act 
(HIPAA),  which  mandates  the  privacy  and  security  of 
patient  data.  Also,  NYCHHC  was  not  doing  any  intrusion 
detection  on  its  corporate  wide-area  network  (WAN), 
leaving  it  vulnerable  to  attack.  NYCHHC  turned  to  a 
group  of  companies  that  could  deliver  an  end-to-end  net¬ 
work  security  solution.  The  companies  included  Cisco 
Systems;  netForensics,  a  Cisco  AWID  partner  for  security 
and  virtual  private  networks  (VPNs);  Dimension  Data,  a 
Cisco  Global  Partner;  and  integrator  Computer  Horizons 
Corp.  The  solution  included  intrusion  detection  sensors, 

firewalls,  and  VPN  hard¬ 
ware  and  software.  The 
intrusion  detection  sys¬ 
tem  proved  its  worth 
during  the  pilot,  when 
the  centralized  team 
noticed  a  high  number  of 
authorization  failures  at  a 
remote  site.  That  site’s 
network  was  under 
attack  from  the  now- 
infamous  Sircam  virus, 
which  the  team  confined 
to  just  one  facility.  NYCHHC  is  now  looking  at  adding 
host-based  intrusion  detection  from  Cisco  and  Triple  Data 
Encryption  Standard  (3DES)  encryption  to  its  network. 

The  superior  technology — and  first-class  teamwork — from 
Cisco  and  its  AWID  partner  netForensics  have  strength¬ 
ened  the  privacy  and  security  of  NYCHHC  s  network 
while  positioning  it  to  meet  HIPAA  regulations. 


The  superior 
technology — and 
first-class 

teamwork — from  Cisco 
and  its  AWID  partner 
netForensics  have 
strengthened  the  privacy 
and  security  of 
NYCHHC’s  network  while 
positioning  it  to  meet 
HIPAA  regulations. 


Law  Firm  Bars 
Intruders  from 
Network  snots'* 

TECHNOLOGY 

&  Szuch  uses  authentication  system 
to  strengthen  security 

One-hundred-year-old  law  firm  Pitney,  Hardin, 

Kipp  &  Szuch  (PHKS)  needed  to  strengthen  its 
network  security.  The  firm  turned  to  the  Cisco 
Secure  Access  Control  Server  (ACS)  and  PIX®  Firewall 
from  Cisco  Systems  to  shore  up  the  security  of  its  basic 
network  infrastructure.  The  next  challenge  was  to  find  a 
user  authentication  system.  Basic  password  protection  was 
not  enough,  because  passwords  can  be  compromised  and 
are  vulnerable  to  Internet  hackers.  PHKS  discovered 

CRYPTOCard  Corp.,  a 
Cisco  security  and  virtual 
private  network  (VPN) 
AWID  partner.  Thanks  to 
Cisco’s  long-term  relationship 
with  CRYPTOCard,  the 
PHKS  team  felt  comfortable 
entrusting  its  authentication 
needs  to  a  Cisco  partner. 
Another  important  factor  in 
PHKS’  choice  was  that  Cisco  and  CRYPTOCard  had 
already  had  their  products  tested  to  meet  the  Cisco  AWID 
Partner  Program  interoperability  criteria,  so  they  knew  that 
their  products  would  work  together.  The  CRYPTOCard 
system,  called  CRYPTOAdmin,  uses  both  hardware-  and 
software-based  tokens.  Users  first  enter  their  personal  identi¬ 
fication  numbers,  and  then  the  token  generates  a  random 
password  that  allows  them  to  access  the  network  one  time 
only.  Most  of  PHKS’  remote  users  utilize  the  software 
token,  though  about  one-quarter  of  the  workers  need  the 
hardware  token  because  they  switch  among  multiple 
machines.  As  the  firm  grows,  PHKS  expects  its  remote  user 
population  to  grow,  too.  With  the  Cisco  and  CRYPTOCard 
technology  in  place,  PHKS  is  confident  that  intruders  will 
be  thwarted  in  any  attempts  to  log  on  to  the  network. 


With  the  Cisco 
and  CRYPTOCard 
technology  in  place, 
PHKS  is  confident 
that  intruders  will  be 
thwarted  in  any 
attempt  to  log  on  to 
the  network. 


Pitney,  Hardin,  Kipp 


The  netForensics-Cisco  AWID 
Security  and  VPN  solution  for 
NYCHHC  can  be  found  at: 


The  CRYPTOCard-Cisco  AWID  Security 
Services  solution  for  Pitney,  Hardin, 
Kipp  &  Szuch  (PHKS)  can  be  found  at: 
www.nwfusion.com/go/phks 
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Network  on 
the  Prairie 


North  Dakota’s  statewide  integrated 
data  and  video 
network  unites 
rural  areas  and  achieves  economies 
of  scale 


*  POLYCOM* 


VPN 
Fits  the 
Prescription 


SECURITY" 


Tri Health’s  upgraded  network  reduces 
costs,  improves  healthcare  and  protects 
patient  privacy,  a  HiPAA  mandate 


North  Dakota’s  mostly  rural  population  of 

650,000  is  scattered  across  mainly  small-town 
communities.  In  1999,  the  North  Dakota  State 
Legislature  passed  Senate  Bill  2043  mandating  construc¬ 
tion  of  a  statewide  network  that  could  carry  integrated 
data  and  video  communications.  The  resulting  network, 
built  atop  Cisco  AWID  from  Cisco  Systems,  is  based 
on  ATM  technology  and  includes  quality-of-service 
(QoS)  capabilities.  Videoconferencing  is  made  possible 
by  iPower™  and  ViewStation™  equipment  from 
Polycom,  a  Cisco  AWID  partner.  The  integrated  IP 
QoS  over  ATM  network  has  already  improved  the 
state’s  educational  resources  and  strengthened  its  ties  to 

the  outside  world.  In 
counties  that  share  a 
single  judge,  for  exam¬ 
ple,  a  20-minute 
arraignment  can  be 
held  without  requir¬ 
ing  the  judge  to  drive 
two  hours  into  a 
neighboring  county. 
The  1 1  colleges  and 
universities  in  the 
state’s  higher  educa¬ 
tion  system  can  hold 
many  simultaneous  hill-motion  instructional  sessions. 
Governor  John  Hoeven  even  used  the  network  last 
January  for  an  interactive  broadcast  of  his  State  of  the 
State  address.  As  a  result  of  the  Cisco/Polycom  relation¬ 
ship,  North  Dakota’s  rural  residents  who  hunger  for 
more  education  and  information  don’t  have  to  travel 
farther  than  their  computers. 


As  a  result  of  the 
Cisco/Polycom 
relationship,  North 
Dakota’s  rural 
residents  who  hunger 
for  more  education 
and  information 
don’t  have  to  travel 
farther  than  their 
computers. 


TriHealth,  Inc.,  a  major  healthcare  provider  in  the 
tri-state  area  of  Ohio,  Indiana  and  Kentucky, 
needed  a  better  way  to  provide  remote  offices 
and  mobile  physicians  access  to  its  wide-area  network 
(WAN). The  company’s  128-kbps  Frame  Relay  network 
was  expensive,  and  56-kbps  dial-up  access  was  the  only 
option  for  remote  users.  And  both  access  methods  were 
too  slow  for  transmitting  x-ray  images — a  capability  the 
doctors  were  demanding.  In  addition,  new  requirements 
based  on  the  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA)  would  soon  mandate  all 
healthcare  providers  to  demonstrate  enhanced  privacy 

and  security  of  patient 


Now  doctors  can 
tap  safely  into 
the  VPN  from 
anywhere  to 
view  and  share 
bandwidth-intensive 
files. 


records.  All  these  factors 
added  up  to  a  compelling 
case  for  an  upgrade,  and 
security  was  paramount. 
TriHealth  installed  virtual 
private  networks  (VPNs), 
intrusion  detection  system 
(IDS)  sensors  and  firewalls 

from  Cisco  Systems.  Cisco  AWID  partner  RSA  Security 
supplied  the  RSA  SecurlD®  state-of-the-art  user 
authentication  system.  Thanks  to  the  strong  relationship 
between  Cisco  and  RSA  Security,  the  new  infrastructure 
provided  immediate  value-add:  Hardware  and  mainte¬ 
nance  costs  for  the  VPN  are  50  percent  lower  than  for 
Frame  Relay.  The  monthly  service  charges  are  33  percent 
lower.  Remote  users  have  speedier,  more  efficient  access. 
And  now  doctors  can  tap  safely  into  the  VPN  from  any¬ 
where  to  view  and  share  bandwidth-intensive  files. 
Healthier  patients — and  well-equipped  doctors — are  the 
ultimate  return  on  investment. 


The  Polycom-Cisco  AWID  IP 
Videoconferencing  solution  for  the 
state  of  North  Dakota  can  be  found 
at: 


The  RSA  Security-Cisco  AWID 
Security  and  VPN  solution  for  TriHealth 
can  be  found  at: 
www.nwfusion.com/go/trihealth 
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Safety  Makes 
the  Grade 


Walker  County 
Schools  tap 
Internet  filtering 
device  to  keep  inappropriate 
content  at  bay 


INTERNET  FILTERING 


Closing  the 
Barn  Door 
on  Hackers 

Wells’  Dairy  protects  its 
assets  with  a  VPN  and 
Sygate  personal  firewalls 
on  mobile  workers’  laptops 


SYGATE 


or  years,  the  teachers  and  students  ofWalker 
County  Schools  in  northwest  Georgia  were 
forced  to  sit  out  most  of  the  Internet  revolution. 
Because  of  spotty  Web  access,  teachers  avoided  including 
the  Internet  in  their  lesson  plans.  When  the  county 
elected  to  install  a  wide-area  network  (WAN)  for  high¬ 
speed  Internet  access,  the  next  decision  to  make  was 
which  filtering  solution  would  best  protect  the  children 
from  noneducational  content  and  secure  the  school  dis¬ 
trict’s  federal  funding.  In  accordance  with  the  Children’s 
Internet  Protection  Act  (CIPA),  which  had  not  yet  been 
finalized  at  that  point,  schools  that  receive  federal  funds 

must  demonstrate  an 
Internet  usage  policy 
and  filter  any  ques¬ 
tionable  content.  The 
solution  was  a  WAN 
built  with  Cisco 
AVVID  components, 
including  Cisco 
routers  and  the  Cisco 
PIX®  Firewall.  For 
its  filtering  solution, 
Walker  County  chose 
a  hardware/software- 
based  Internet  filtering  appliance  from  N2H2,  a  Cisco 
AVVID  security  partner.  The  close  relationship  between 
Cisco  and  N2H2  has  produced  a  highly  reliable  and 
efficient  solution  for  Walker  County  Schools,  which 
can  finally  take  advantage  of  the  Internet’s  many  educa¬ 
tional  resources. 


The  close  relationship 
between  Cisco  and 
N2H2  has  produced 
a  highly  reliable  and 
efficient  solution  for 
Walker  County 
Schools,  which  can 
finally  take  advantage 
of  the  Internet’s  many 
educational  resources. 


Wells’  Dairy  is  a  booming  ice-cream  maker 
headquartered  in  the  Midwest.  To  meet  the 
ever-growing  nationwide  demand  for  its  Blue 
Bunny  brand  ice  cream  and  dairy  products,  the  dairy  need¬ 
ed  a  better  way  to  knit  its  2,500  employees  closer  together, 
especially  their  regional  sales  managers  scattered  across  the 
country.  Wells’  Dairy’s  answer  was  to  implement  a  virtual 
private  network  (VPN),  substituting  the  free  Internet  for 
expensive  long-distance  phone  charges.  Wells’  Dairy  chose 

to  build  the  VPN  by  adher¬ 


Because  the  Cisco 
AVVID  Partner 
Program  requires  that 
products  in  the  pro¬ 
gram  be  tested  to 
meet  its  interoperabil¬ 
ity  standards,  the  per¬ 
sonal  firewall,  Cisco 
VPN,  Cisco  PIX® 
Firewall  and  Cisco 
Secure  Access 
Control  Server  work 
together  to  authenti¬ 
cate  users  and  block 
intruders. 


ing  to  the  SAFE  Blueprint 
for  secure  networking  from 
Cisco  Systems,  part  of  Cisco 
AVVID.  To  ensure  that  all 
end  devices  connected  to  the 
VPN  would  work  together, 
the  dairy  turned  to  Sygate 
Technologies,  a  Cisco 
AVVID  security  and  VPN 
partner,  for  a  personal  desk¬ 
top  firewall  system.  Because 
the  Cisco  AVVID  Partner 
Program  requires  that  prod¬ 
ucts  in  the  program  be  tested 
to  meet  its  interoperability 


standards,  the  personal  fire¬ 
wall,  Cisco  VPN,  Cisco  PIX®  Firewall  and  Cisco  Secure 
Access  Control  Server  (ACS)  work  together  to  authenti¬ 
cate  users  and  block  intruders.  Now  Wells’  Dairy  sales  man¬ 
agers  enjoy  faster  connections  while  its  IT  department  can 
rest  easy  that  its  network  is  secure. 


The  N2H2-Cisco  AWID  Security  and 
Internet  filtering  solution  for  Walker 
County  Schools  in  Georgia  can  be 
found  at: 


The  Sygate  Technologies-Cisco 
AWID  Security  and  VPN  solution 
for  Wells’  Dairy  can  be  found  at: 

www.nwfusion.com/go/wells 
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Cisco  AWID 

Partner  Solutions 


CONTENT  NETWORKING  optimizes 
the  delivery  and  management  of 
e-business  applications  and  services 

CUSTOMER  CONTACT  enhances 
customer  satisfaction  and  loyalty 
through  innovative  customer  care 
solutions 

IP  TELEPHONY  enables  new  world 
call  processing,  collaboration  and 
customer  interaction 

IP  VIDEOCONFERENCING  provides 
live  videoconferencing  collaboration 
between  desktops  and  conference 
room  systems 

NETWORK  and  SERVICE  MANAGE¬ 
MENT  delivers  tools  and  applications 
that  enable  the  deployment  of  man¬ 
agement  intranets 

SECURITY  and  VPN  offers  complete 
security  and  protection  for  networks 

STORAGE  NETWORKING  enables 
the  consolidation,  access  and 
sharing  of  storage  over  IP,  Gigabit 
Ethernet,  Fibre  Channel  and  optical 
networks 


Cisco  AWID  Partner 
Program  Highlights 

Developed  as  a  program  to  enable  the 
deployment  of  e-business  solutions  by  top 
product  and  services  vendors,  the  Cisco 
AWID  Partner  Program  uses  open  standards 
and  interfaces  to: 

■  Deploy  voice,  video  and  data  solutions  on 
a  standards-based  architecture 

■  Deliver  products  and  services  that  meet 
the  Cisco  AWID  Program  interoperability 
requirements 

■  Provide  co-marketing  with  partners 

■  Collaborate  through  development,  testing 
and  customer  support 


Customer  Benefits 

Customers  employing  solutions  within  the 

Cisco  AWID  Program,  combined  with  key 

partners,  can: 

■  Reduce  infrastructure  and  support  costs 

■  Easily  deploy  interoperable  solutions  that 
meet  the  Cisco  AWID  Program  require¬ 
ments  for  interoperability 

■  Maximize  IP  networks  for  multiple  appli¬ 
cations  and  services 

■  Accelerate  e-business  solution  imple¬ 
mentation 


www.cisco.com/go/avvidpartner 


Cisco  Systems 

y  Verified 


The  Cisco  Systems  Verified  Logo  is  a  brand  that  indicates  a  partner’s  product,  technology  or  service  has  been 
designed  to  be  interoperable  with  Cisco  products  or  services  and  has  undergone  testing  by  the  partner's  company 
together  with  Cisco  and/ or  a  third-party  testing  organization  based  on  standards  set  by  Cisco  Systems. 


Copyright  ©  2002,  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  Cisco  lOS,  Cisco  Systems,  the  Cisco  Systems  logo  and  PIX  are  registered  trademarks  of  Cisco  Systems,  Inc. 
and/or  its  affiliates  in  the  U.S.  and  certain  other  countries.  All  other  trademarks  mentioned  in  this  document  or  Web  site  are  the  property  of  their  respective  owners.  The  use  of 

the  word  partner  does  not  imply  a  partnership  relationship  between  Cisco  and  any  other  company.  (0203R) 
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■  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  H  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


■  PolyServe  last  week  announced 
software  that  lets  Intel  servers  be 
clustered  in  highly  fault-tolerant  con¬ 
figurations.  Called  PolyServe 
Matrix  Server,  the  software  binds 
servers  together  into  a  server  farm, 
allowing  fail-over  and  continuous  avail¬ 
ability.  It  lets  multiple  servers  share 
the  same  storage  array,  and  read  and 
write  the  same  files.  PolyServe  Matrix 
Server  also  contains  a  file  system 
that  guarantees  that  the  failure  of  a 
single  server  or  application  in  the  clus¬ 
ter  does  not  harm  other  servers  or 
applications  that  are  running.  Poly¬ 
Serve  Matrix  Server  is  available  on 
Linux  and  is  expected  to  be  available 
for  Windows  platforms  next  year.  It 
starts  at  $6,000  per  processor. 
www.polyserve.com 

■  Check  Point  Software  is  certifying 
that  its  VPN  products  work  with  spe¬ 
cific  wireless  products  so  network 
planners  don’t  have  to  worry  about 
interoperability  when  they  are  design¬ 
ing  wireless  security.  The  company 
last  week  announced  two  new  pro¬ 
grams  as  part  of  its  Wireless  Initia¬ 
tive:  one  that  certifies  wireless  hand¬ 
held  devices  to  work  with  Check  Point 
VPN-1  and  SecureRemote  software 
clients,  and  one  that  certifies  wireless 
network  gear  also  will  work  with 
Check  Point  products.  So  far,  the 
Wireless  Initiative  has  certified  the 
following  handhelds  and  mobile  de¬ 
vices:  Hewlett-Packard  iPaq  PDAs, 
IBM’s  ThinkPad  laptops,  Microsoft's 
Windows  Powered  Pocket  PC  2002 
devices  and  Smartphones  2002. 

■  Intel  signed  on  another  supporter 
for  its  Itanium  2  processor  last  week, 
this  time  Linux  operating  system 
maker  Red  Hat.  Through  a  partner¬ 
ship  with  Hewlett-Packard,  Red 
Hat  says  it  has  committed  to  releas¬ 
ing  a  version  of  its  Red  Hat  Linux  Ad¬ 
vanced  Server  operating  system  that 
will  be  offered  on  HP's  Proliant  ser¬ 
vers  and  its  workstations  that  use 
Itanium  2  chips.  HP  says  its  first  Itan¬ 
ium  2  systems  should  go  on  sale  by 
the  end  of  next  month.  Pricing  was 
not  immediately  available. 


Lessons  from  Leading  Users 


University,  town  team  to  make  net  reality 


Town  and  gown 


Bridgewater  State  College  and  the  town  of  Bridgewater,  Mass.,  have  arranged 
a  deal  in  which  the  town  receives  network  support  and  Internet  services 
through  the  school. 

BSC  main  campus 

A 


A  Gigabit  Ethernet  connection  runs  from  BSC’s  main 
campus  to  the  town  hall.  Enterasys  SmartSwitch 
Ethernet  switches  connect  the  main  buildings  at  1G 
bit/sec  over  aerial  and  underground  fiber. 


The  schools  are  connected  to  the  network 
via  10M  to  40M  bit/sec  cable  TV  connections, 
provided  by  the  local  cable  company. 


£> 


Town  hall 


Fiber 


—  Private  DSL 

—  Gigabit  Ethernet 
Broadband  cable  TV 

V _ ^ 

Remote  town  offices 
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Verizon  DSL 
head  end 
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Library 


Police 


Fire  station 
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Elementary  and 
high  schools 


QsaiJ 


A  private  2M  bit/sec 
DSL  network  links 
offices  where  fiber 
was  not  available. 


Recreation 

flnlP 

Substation 


Selectmen 


■  BY  PHILHOCHMUTH 

Turf  disputes,  parking  issues 
and  loud  fraternity  parties 
are  some  of  the  issues  that 
can  strain  the  relationship  be¬ 
tween  a  college  and  the  town  in 
which  it  resides.  But  Bridgewater 
State  College  in  Massachusetts 
found  a  panacea  of  sorts  for  cur¬ 
ing  ill  will  between  “town  and 
gown”  factions  —  high-speed 
bandwidth. 

The  college  was  running  out  of 
classroom  space  a  year  ago,  and 
administrators  wanted  to  pur¬ 
chase  an  unused  elementary 
school  owned  by  the  town  to  con¬ 
vert  into  a  classroom  facility  When 
negotiations  to  purchase  the 
building  stalled,  the  notion  of  set¬ 
ting  up  a  new  network  for  the 
town  as  part  of  the  deal  caught  on 
with  local  selectmen  and  college 
administrators. 

“The  idea  of  putting  together  a  tech¬ 
nology  package  for  the  town  not  only 
sweetened  the  deal  for  us  to  acquire 
the  building,  but  also  to  build  a  better 
relationship  with  the  town  itself,”  says 


Bill  Davis,  CIO  for  Bridgewater  State 
College. 

The  town  agreed  to  sell  the  10-class- 
room  building  to  Bridgewater  State  for 
$225,000.  For  the  “sweetener,”  the 
school  connected  the  town’s  15  facili- 


Academy 

ties  with  a  mixture  of  Ethernet  and 
other  broadband  technologies,  and 
provided  Internet  access  through  the 
school’s  DS-3  connection. 

Five  buildings  sit  on  the  town’s 
See  Bridgewater,  page  22 


IBM  demos  wireless  network  monitor 

Big  Blue  claims  tool  watches  for  unauthorized  moves,  adds  and  changes. 


■  BY  SAM  COSTELLO 

Hoping  to  help  users  take  another  step 
toward  autonomic  computers,  which  are 
meant  to  manage, configure  and  maintain 
themselves,  IBM’s  research  division 
Monday  announced  a  new  wireless  secu¬ 
rity  tool,  Distributed  Wireless  Security 
Auditor. 

The  tool,  which  can  run  on  wireless- 
equipped  laptops  and  handhelds,  con¬ 
stantly  monitors  wireless  networks  for  the 
addition  of  new  devices  and  configura¬ 
tion  changes  on  existing  devices,  says 
Dave  Safford,  manager  of  Global  Security 
Analysis  Lab  at  IBM  Research  in  Haw- 


II  Security  issues  with 
802.11b  networks  are  large¬ 
ly  ones  of  getting  them  con¬ 
figured  correctly.  11 

Dave  Safford 

Manager,  IBM  Research's  Global  Security 
Analysis  Lab 

thorne,  N.Y  The  data  gathered  from  that 
monitoring  is  transmitted  to  a  central  ser¬ 
ver  where  the  data  is  compiled  for  use  by 


administrators,  he  says. 

Traditional  approaches  to  wireless  net¬ 
work  discovery  and  security  have  involved 
administrators  equipped  with  wireless  net¬ 
work  gear  roaming  the  halls  and  aisles  of 
buildings,  a  process  that  is  expensive  and 
time-consuming,  Safford  says. 

The  approach  lets  companies  compile 
information  about  their  networks  at  one 
point,  but  not  continuously,  and  doesn’t 
identify  new  access  points  when  they  are 
added,  he  says. 

“Security  issues  with  802.11b  networks 
are  largely  ones  of  getting  them  config¬ 
ured  correctly  he  says.  “The  problem  is 

Sec  IBM,  page  24 
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EMC  lays  out  its  case  for  software 

Storage  company  focuses  on  adding  advanced  features  to  its  management  package. 


■  BY  DENI  CONNOR 

HOPKINTON,  MASS.  —  As  it 
fights  to  lower  costs,  penetrate 
new  markets  and  fight  off  rivals 
in  the  high-end  storage  arena, 
EMC  is  looking  toward  new  stor¬ 
age  management  software  for 
salvation. 

The  company, 
which  in  a  reorgani¬ 
zation  intention  last 
year  said  30%  of  its 
revenue  would 
come  from  software, 
is  developing  soft¬ 
ware  that  can  man¬ 
age  not  only  EMC 
storage  gear,  but 
arrays  from  any 
other  vendor. 

“EMC’s  software 
organization  has 
been  designed  to 
support  all  vendors’ 
storage  equally?’  says 
Chris  Gahagan,  newly  appointed 
senior  vice  president.“Our  goal  is 
to  make  the  best  management 
software  across  the  entire  net¬ 
work  environment,  independent 
of  size.  We  want  to  be  the  one- 
stop  shop  for  storage  manage¬ 
ment  needs,  independent  of  who 
you  buy  your  hardware  from.” 

Analysts  say  EMC’s  goals  are 
ambitious.  In  the  past  year,  the 
company  has  seen  its  market 
share  erode,  and  it  has  suffered 
from  an  IT  market  where  spend¬ 
ing  is  at  a  standstill. 

“Software  is  a  big  change  for 
them,”  says  Arun  Taneja,  senior 
analyst  with  Enterprise  Storage 
Group."  The  enterprise  hardware 
business  changed  on  them  with¬ 
in  a  matter  of  18  months.” 

Taneja  says  that  even  though 
EMC’s  shift  to  a  heavier  software 
focus  is  predictable,  it  will  not  be 
easy  for  the  company  “Histor¬ 
ically,  1  cannot  remember  a  sin¬ 
gle  individual  vendor  that  was 
dominantly  a  hardware  vendor 
become  a  heavy  software  player," 
he  says.  Conversely,  Taneja  says 
“30%  is  a  doable  scenario  for 
EMC." 

However,  to  be  successful, 
Taneja  says  that  EMCs  software 
has  to  manage  more  than  just  its 
own  hardware. 

“We  want  to  manage  all  our 
data  under  a  single  graphical 
interface  and  have  invested  in 
EMC’s  AutoIS  as  our  de  facto 
standard  to  do  it,"  says  Russ 


Cherry  senior  vice  president  of 
technology  for  CDNow,  a  video 
and  DVD  distributor  in  Fort 
Washington,  Pa. 

Automated  Information 
Storage,  or  AutoIS,  is  EMC’s  over¬ 
arching,  open  storage  manage¬ 
ment  product  family  and 

arguably  the  main  package  it  will 
use  to  make  its  soft¬ 
ware  inroads.  EMC 
has  said  it  has  sold 
more  than  1,000 
AutoIS  licenses  since 
its  introduction  in 
October  2000. 

During  the  next 
year,  EMC  will  ex¬ 
pand  AutoIS  into 
areas  Gahagan  calls 
“intelligent  supervi¬ 
sion”  and  “in¬ 
formation  safety’ 
Intelligent  supervi¬ 
sion  will  include  the 
company’s  virtual¬ 
ization  strategy  —  the  ability  to 

take  storage  resources  from  dif¬ 
ferent  vendors  and  combine 

them  into  a  pool  of  data  that  can 
be  managed  from  a  single  inter¬ 
face.  Information  Safety  includes 
not  only  backup  and  recovery  of 
data,  but  business  continuity 
technologies  such  as  replication 
and  data  migration. 

Customers  say  that  any  virtual¬ 
ization  plan  EMC  follows  needs 
to  leave  intact  other  functions 
they  already  have. 

“We  would  want  to  have  all  the 
features  and  functionality  avail¬ 
able  to  us  after  virtualizing  our 
environment,”  says  CDNow’s 
Cherry,  whose  company  has  65 
terabytes  of  EMC’s  high-end  Sym- 
metrix  and  midrange  Clariion 
storage,  and  8  terabytes  of  Sun 
arrays  and  EMC  Celerra  network- 
attached  storage. 

With  storage  virtualization,  us¬ 
ers  can  pool  storage  media  irre¬ 
spective  of  vendors,  size  and 
configurations.  Typically,  pooled 
storage  is  seen  as  a  single  vol¬ 
ume  and  all  can  be  managed 
with  a  single  piece  of  manage¬ 
ment  software.  Customers  can 
manage  this  pool  more  efficient¬ 
ly  and  inexpensively  because 
they  can  manage  their  assort¬ 
ment  of  storage  devices  from 
with  a  single  piece  of  software. 

But  virtualization  packages 
need  some  work.  “Virtualization 
schemes  need  the  ability  to  not 
care  whose  box  it  is,  but  to  be 


Chris  Gahagan,  EMC's 
new  software  chief, 
says  that  multivendor 
management  is  a  must 
for  the  company. 


able  to  use  storage  in  a  logical 
pool  and  ideally  not  give  up  the 
independent  features  of  the 
boxes,  such  as  EMC’s  Time- 
Finder,”Taneja  says. 

Taneja  says  that  current  virtual¬ 
ization  schemes,  such  as  those 
from  DataCore  and  FalconStor. 
disable  EMC’s  TimeFinder  capa¬ 
bility  upon  virtualizing  the  envi¬ 
ronment.  TimeFinder  is  popular 
EMC  technology  that  lets  admin¬ 
istrators  create  copies  of  storage 
volumes  to  increase  the  avail¬ 
ability  of  data.  These  volumes 


can  be  used  to  run  tasks  in  par¬ 
allel  to  increase  the  efficiency. 

EMC's  Gahagan  says  EMC  soon 
will  introduce  a  management 
tool  that  lets  administrators  man¬ 
age  different  arrays  from  its  con¬ 
sole  —  he  calls  it  provisioning 
and  says  it  will  initially  manage 
arrays  from  EMC’s  four  largest 
competitors  —  IBM,  Hewlett- 
Packard,  Sun  and  Hitachi  Data 
Systems. 

In  addition,  the  company  will 
introduce  mobility  software  that 
lets  administrators  move  data 


around  and  migrate  it  between 
storage  devices  nondisruptively. 
This  software  will  load-balance 
data  paths,  choosing  the  optimal 
delivery  path. 

The  company  also  will  intro¬ 
duce  policy-based  management 
and  charge-back  capability  to  let 
administrators  set  rules  for  per¬ 
formance  of  data  and  be  able  to 
bill  departments  for  storage 
resource  use. 

Pricing  for  the  individual  prod¬ 
ucts  has  not  been  set. 

EMC:  www.emc.com 
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Bridgewater 
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gigabit  backbone  —  including  the  town  hall  and 
public  safety  buildings.  The  backbone  is  con¬ 
nected  via  Enterasys  Networks  SmartSwitch 
Routers,  which  light  up  the  interbuilding  fiber. 
Enterasys  Vertical  Horizon  10/100M  bit/sec 
switches  connect  PCs  and  servers  in  all  the  main 
buildings  to  the  network  and  to  the  Internet. 

The  town’s  school  buildings  and  a  senior  citi¬ 
zens  center  are  hooked  into  the  backbone  over 
AT&T  Broadband  cable  modem  lines. The  town 
calls  this  cable  broadband  network  its  Institu¬ 
tional  Network,  or  Inet,  which  AT&T  gives  to 
Bridgewater  as  part  of  its  franchise  agreement 
with  the  town.  Inet  provides  10M  bit/sec 
upstream  and  40M  bit/sec  downstream  links  to 
the  connected  buildings. 

Small  town  offices  and  buildings  are  connect¬ 
ed  to  the  backbone  via  a  private  DSL  network, 
which  runs  on  unused  circuits  in  Verizon’s  local 
central  office  for  about  $70  per  month  for  each 
circuit.  DSL  modems  in  the  satellite  buildings 
from  Black  Box  provide  offices  such  as  the  town 
recreation,  sewer  and  fire  department  substa¬ 
tions  with  2M  bit/sec  of  connectivity  to  the  back¬ 
bone  along  with  Internet  access. 

The  pace  of  technology  change  for  the  town 
was  rapid,  according  to  Pat  Cronin,  director  of 
telecommunications  for  the  college.  In  the 
course  of  a  few  months,  its  net¬ 
work  staff  wired  100  desktops  to 
the  network,  and  deployed 
around  100  Dell  PCs  to  support 
the  town’s  150  employees. 

Networked  PCs  also  were  set  up 
in  town  schools  and  the  library. 

A  Microsoft  Exchange  server 
was  installed  to  provide  e-mail 
accounts  to  all  employees. 

The  school’s  staff  worked  with 
town  administrative  system 
managers  to  migrate  their 
servers  from  the  VAX  VMS  oper¬ 


ating  systems  to  Dell  servers  running  Windows 
NT.  NetScreen  Technologies  firewall  appliances 
are  installed  in  each  of  the  major  town  buildings 
to  protect  data  on  each  building’s  respective 
servers,  such  as  police  records,  property  tax 
information  and  legislative  documents. 

A  Microsoft  Internet  Information  Server  also 
was  deployed  at  the  town  hall  computer  room  to 
run  the  300-year-old  town’s  first  Web  site  — 
www.bridgewaterma.org. 

Town  employees  and  citizens  can  access  the 
Internet  through  the  college  at  768K  bit/sec. 
Internet  traffic  that  traverses  the  school’s  network 
to  the  town  is  segmented  from  the  college’s  traffic 
via  access  control  lists  on  the  Enterasys  equip¬ 
ment,  Cronin  says. 

“The  town  would  never  have  had  enough 
resources  to  deploy  this  kind  of  technology  but 
this  is  something  we  do  all  the  time,” Cronin  says. 
“The  idea  was  to  minimize  the  recurring  costs  for 
running  this  network;  we  didn’t  want  to  saddle 
them  with  all  kinds  of  expenses  when  it  was  time 
for  us  to  pull  out.”  Except  for  the  Verizon  costs  to 
lease  the  “dry”  DSL  lines,  the  town  will  only  have 
maintenance  and  upgrade  costs  to  deal  with. 

The  town  and  the  college  are  in  the  process  of 
transitioning  network  support  from  the  school’s  to 
the  town’s  new  IS  manager,  a  former  Bridgewater 
State  student  who  graduated  last  year. 

The  town  owned  the  rights  of  way  on  its  tele¬ 
phone  and  utility  poles  and  underground 
cabling  conduits, so  half  the  battle  was  out  of  the 
way  for  building  the  fiber-optic  backbone  — 
because  getting  the  rights  to  lay  fiber  in  the 
street  can  be  more  arduous  than  the  actual 
installation. 

The  project  to  network  the 
town  cost  $675,000  for  equip¬ 
ment  and  services,  Davis  says, 
which  amounts  to  less  than  10% 
of  the  school’s  IT  budget. 

Overall,  the  purchase  and 
refurbishment,  and  network 
installation  for  the  abandoned 
building, cost  $1.3  million,  while 
Bridgewater  State  estimates  it 
would  have  spent  close  to  $4.3 
million  if  it  had  to  build  a  new 
classroom  facility.  ■ 
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See  how  schools  are  handling  secunty  for 
their  high-speed  networks. 
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You're  looking  at  the  most  powerful  line  of  handheld 
network  problem  solving  tools  ever  designed.  They 
give  your  team  one  overwhelming  advantage:  Better 
vision  to  spot  problems  quicker  and  fix  them  faster. 

Fluke  Networks  makes  handheld  testers  for  all  your  staff, 
for  every  job.  For  simple  connectivity  tests,  there's  our 
new  LinkRunner™  pocket-sized  tester.  The  next  step  up 
is  NetTool™  Pro,  the  world's  only  inline  PC  to  network 
tester  for  solving  tough  configuration  problems.  And  the 
amazing  OneTouch™  -  for  more  insights  into  switched 
network  solutions  than  ever  before.  Bottom  line:  A  more 
productive  staff.  And  vastly  improved  network  perform¬ 
ance.  So  go  to  our  web  site  now  for  a  virtual  demo  and 
see  how  much  more  SuperVisionary  you  can  be  with  the 
right  handheld  tools. 


Go  to  www.flukenetworks.com/techtools 
and  enter  to  win  our  weekly  LinkRurmer 
giveaway. 
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What  a  difference  .com  and  .gov  can  make 

And  what  a  difference  SurfControl  Internet 
filtering  software  can  make  for  your  network  security. 


All  Internet  content  you  read,  send  and  receive  carries  a  risk.  One  simple  key¬ 
stroke  error  or  mis-spelled  e-mail  address  can  jeopardize  your  entire  organiza¬ 
tion.  You  may  have  locked  the  doors  to  viruses  and  hackers  with  your  firewall 
and  anti-virus  software,  but  until  you  also  use  Internet  filtering  to  manage 
harmful  and  unnecessary  web  and  e-mail  content,  you've  left  the  window's 
wide  open.  SurfControl,  the  world's  #1  web  and  e-mail  filtering  company  can 
help.  Visit  www.surfcontrol.com  to  download  a  FREE  30-day  evaluation  copy 
of  our  award-winning  software,  and  see  for  yourself  what  a  difference 
SurfControl  can  make. 


SurfControl 
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Wireless  LAN  out  of  control? 


The  proprietary  nature  of  early  wireless 
LANs,  coupled  with  low  throughput, 
put  a  damper  on  the  adoption  of 
wireless  in  corporations.  In  recent  years, 
though,  the  combination  of  standards- 
based,  higher-throughput  and,  most  impor¬ 
tantly,  interoperable  gear  has  blasted  wire¬ 
less  into  orbit. 

Now,  though,  in  an  effort  to  “differentiate” 
themselves  from  competitors,  vendors 
might,  instead,  cause  things  to  spin  out  of 
control. 

As  is  usually  the  case  with  networks,  it  is 
all  about  speed.  In  the  wired  world, “faster, 
cheaper  —  ergo  better”  is  an  omnipresent 
theme.  Faster  link  speeds  and  greater  port 
density  are  the  typical  elements  that  feed 
the  need  for  speed.  In  the  wireless  world, 
though,  there  are  no  such  options.  For  wire¬ 
less  vendors,  the  speed  of  the  wireless  link 
provides  the  only  significant  way  to  boost 
throughput. 

We  are  seeing  a  battle  being  played  out  in 
the  standards-based  arena.  Purveyors  of 
max-54M  bit/sec  802.11a  technology  are 
pitching  their  speed  advantage  (and  inter¬ 
ference-free  5-GHz  spectrum)  as  reason  to 
choose  it  over  max-1 1M  bit/sec  802.11b 
Wi-Fi  technology  Fair  enough. 

The  real  trouble  is  with  the  “turbo”  modes 
being  offered  by  vendors  within  both  tech¬ 
nology  groups.To  my  mind,  they  spell  only 
trouble. 

D-Link  Systems’  home  page  screams  to  its 
customers  that  they  can  “get  an  802.11b 
boost  with  AirPlus  ...up  to  22M  bit/sec.”This 
is  borderline  misrepresentation  in  that 
what  it  also  “boosts”  you  into  is  a  propri¬ 
etary  mode  of  operation  of  the  Texas 
Instruments  ACX100  chip.  As  soon  as  you 


turn  on  this  “extended"  mode,  you  are  no 
longer  802.1  lb  compliant. 

The  detail  page  includes  the  term 
802.11b  in  every  paragraph  —  implying 
that  this  is  all  “standard"  gear.  It  goes  so  far 
as  to  comment  that  D-Links  product 
“allows  users  to  take  full  advantage  of  the 
fastest  wireless  speeds  available  in  the  2.4- 
GHz  radio  spectrum  and  remain  compati¬ 
ble  with  existing  802.1  lb  networks,” except 
when  they  are  running  in  turbo  mode  — 
which  is  the  whole  point  of  buying  the 
product. 

The  page  also  references  802.1  lb+.  You 
know,  that  enhanced  version  of  802.1 1  that 
bumps  you  up  from  1 1 M  to  22M  bit/sec. 
Never  heard  of  it?  Good.  It  doesn’t  exist  out¬ 
side  of  D-Link’s  marketing  department. 

This  technology  is  proprietary  all  the  way 
—  yet  that  word  is  studiously  avoided. 
While  Texas  Instruments  might  want  it  to 
become  part  of  a  standard,  it  surely  isn’t 
now.  Marketing  like  this  can  undo  a  lot  of 
the  faith  that  has  been  placed  in  wireless 
vendors. 

There  is  also  turbo  turbulence  higher  up 
in  the  wireless  LAN  atmosphere  —  this 
time  Proxim  is  at  the  eye  of  the  storm. 

Proxim’s  home  page  touts  its  new 
Harmony  802.1  la  Access  Fbint  —  note  the 
inclusion  of  the  standard  reference  —  the 
first  bullet  point  of  which  states“up  to  108M 
bit/sec  [throughput] .”  Yup,  but  only  in  its 
NON-802.11a  mode  of  operation  — 
Proxim’s  2X  mode. 

To  its  credit,  while  Proxim  avoids  using 
the  word  “proprietary’  the  company  makes 
it  quite  clear  that  this  is  a  special  mode  of 
operation.  Still,  it  is  not  right  touting  the 
nonstandard  performance  of  a  product 
with  the  standard  in  its  name. 

The  bigger  message  to  network  architects 
is  that  the  halcyon  days  of  everything- 
works-together  wireless  are  over.  Prospec¬ 
tive  customers  will  need  to  develop  a 
much  sharper  eye  when  evaluating  wire¬ 
less  LAN  technology 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan,  N.J.  He  can  be 
reached  at  ktolly@tolly.com. 


IBM 

continued  from  page  21 

finding  access  points  . . .  and  making  sure 
they  have  the  appropriate  security  fea¬ 
tures  turned  on.” 

Distributed  Wireless  Security  Auditor 
addresses  this  problem  by  running  in  con¬ 
junction  with  the  wireless  client  software 
on  laptops  and  handhelds,  he  says. 
Because  the  software  is  distributed  and 
continuously  monitors  the  network,  it 
eliminates  the  need  for  multiple  hard¬ 
ware-based  sensors  or  frequent  walk¬ 
throughs  to  discover  new  access  points. 

Wireless  net  administrators  shouldn’t  get 
too  excited,  though,  as  this  announcement 
is  a  technology  statement,  more  than  a 


product  announcement,  Safford  says.  The 
product  is  not  available  for  purchase,  and 
Safford  couldn’t  provide  a  timeline. 

“It’s  not  going  to  be  a  long  time  ...  a 
small  number  of  months,”  he  says. 

Decisions  about  when  the  product  will 
be  released, and  what  it  will  cost, will  be  left 
to  other  parts  of  IBM,  including  the  compa¬ 
ny’s  Tivoli  Systems  subsidiary  he  says.  When 
it  is  released,  the  software  will  work  with 
Tivoli's  Enterprise  Risk  Manager  security 
console,  he  says.  For  now,  the  back-end  soft¬ 
ware  reports  to  Unix  applications,  with  the 
client  running  on  Linux,  he  says.  Windows 
client  support  also  is  forthcoming, he  adds. 

Costello  is  a  correspondent  with  the  IDG 
News  Service's  Boston  bureau. 


At  CDW,  our  account  managers  are  more  than  just  order  takers.  They're 


problem  solvers.  With  expertise  in  thousands  of  hardware  and  software 
products,  your  dedicated  account  manager  can  recommend  the  best 
options  based  on  your  technology  set-up.  So  you  get  information,  advice 
and  most  important,  the  technology  that's  right  for  you. To  find  out  what 
a  CDW  account  manager  can  do  for  you,  call  or  visit  our  Web  site. 
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WINDOWS*  CE 
COMPUTER 
ON-BOARD 


SIMPLE  NETWORK 
MANAGEMENT 
PROTOCOL 


Finally  AV  and  IT  experts  are  finding  something 
to  agree  on  -  the  VPL-PX15  SuperSmart™  projector 
from  Sony.  It  combines  cutting  edge  projector 
technology  and  features  with  the  latest  in  wired 
and  wireless  networking  capability.  It  lets  you 
manage  content  and  take  control,  while  giving 
you  outstanding  performance,  reliability  and 
image  quality. 

The  VPL-PX15  has  an  on-board  computer  so  you 
can  upload,  store,  and  present  Excel®  worksheets, 
PowerPoint®  presentations,  JPEG  images,  bitmapped 
images,  and  more.  This  self-sufficient  projector 
can  even  access  and  browse  the  Internet  via  the 
supplied  remote  control.  Plus,  it's  always  on  the 
LAN,  ready  to  be  accessed,  locally  or  remotely... 
even  wirelessly... whether  or  not  it's  turned  on. 


Through  a  simple  Internet  browser,  Sony's 
VPL-PX15  can  be  monitored  from  any  location 
on  the  LAN.  You  can  determine  if  the  unit  is  on, 
which  input  is  selected,  its  operating  status,  even 
adjust  the  picture.  Compatibility  with  Remote 
Desktop  Protocol  also  enables  the  display  of  your 
computer's  desktop,  or  that  of  any  other  PC  on 
your  LAN,  via  remote  access... without  leaving 
the  meeting  room. 

And  no  more  last  minute  surprises  -  the  VPL-PX1 5 
can  help  you  avoid  problems  before  they  become 
one.  This  SuperSmart  projector  is  so  smart,  it 
even  tells  you  when  it's  time  to  change  the  lamp 
via  email  with  Sony's  Auto  Email  function. 

So  make  your  next  projector  the  Sony  VPL-PX15. 
And  start  to  enjoy  the  benefits  of  networking  today. 


For  a  limited  time  with  the  purchase  of  a  VPL-PX15  projector, 
you  can  receive  a  Wireless  LAN  Card  at  no  additional  charge. 
Call  1-800-766-9523  (Sony  LCD)  or  visit  www.sony.com/supersmart 
today  for  more  information  and  program  Terms  and  Conditions. 
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The  secret  to  five-star  service 

Seamless  remote  access  from  Citrix  helps  Maritz  Travel  excel,  cut  costs. 


Remote  access,  Maritz  style 

Citrix  MetaFrame  provides  Maritz  Travel’s  mobile  and  home  office  workers 
with  fast  access  to  the  company’s  server-based  custom  database 
applications,  even  over  slow  dial-up  connections. 
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O  Users  connect  to  the  Nortel 
Contivity  2600  VPN,  then 
click  on  the  MetaFrame  icon 
to  activate  the  Independent 
Computing  Architecture  (IGA) 
client,  which  establishes  a 
session  with  the  MetaFrame 
server  located  in  Maritz’s 
server  farm. 


©  User  requests  are  passed  from 
the  MetaFrame  server  to  Maritz 
application  server,  at  100M 
bit/sec  full  duplex.  Because 
MetaFrame  sends  back  only 
screen  refreshes,  files,  audio 
and  clipboard  data,  users  feel 
like  they’re  working  on  the 
applications  locally. 


©  A  dozen  users  are  piloting  nFuse  Classic, 
the  Web-based  version  of  MetaFrame, 
which  obviates  the  need  for  VPN  or  ICA 
client  software  on  remote  PCs.  Users 
access  an  internal  Web  server,  their 
requests  go  to  the  Citrix  Secure 
Gateway,  then  onto  the  MetaFrame 
server.  Maritz  plans  to  roll  out  nFuse 
Classic  to  all  VPN  users  over  time. 


■  The  first  ultra-wideband  prod¬ 
ucts  will  debut  in  the  home  market 
in  late  2003,  according  to  a  recent 
report  from  Cahners  Instat/MDR. 
"The  Promise  of  Ultra-Wideband" 
points  to  strong  interest  from  Cisco, 
Motorola  and  Sony,  and  recent 
Federal  Communications  Commis¬ 
sion  approval  for  the  manufacture 
and  sale  of  products  as  paving  the 
way.  The  first  UWB  products  will 
have  speeds  around  100M  bit/sec  and 
a  32-feet  range.  XtremeSpectrum 
plans  to  have  its  chipsets  to  equip¬ 
ment  manufacturers  later  this  year. 
The  goal  is  to  have  the  first  con¬ 
sumer  products  out  by  Christmas 
2003  from  consumer  electronics  and 
set-top  box  companies.  Other  ven¬ 
dors  that  might  enter  the  market  are 
Time  Domain  and  General  Atomics. 
While  802.1  IX  technology  has  popu¬ 
larized  wireless  networks  in  the 
home,  the  technology  might  not  be 
appropriate  for  future  steaming  audio 
and  video  applications.  Even  so, 

802.1  IX  is  expected  to  dominate  the 
market  through  2006. 

■  Broadband  gateway  company 
Netopia  recently  teamed  with  cord¬ 
less  phone  manufacturer  Siemens 
Information  and  Communication 
Mobile  to  develop  voice  and  802.11b 
wireless  gateways  for  the  home  and 
small  office  market.  Sold  through 
asymmetric  DSL  service  providers, 
the  devices  support  multiple  PCs  and 
up  to  three  phone  numbers  accessed 
through  multiple  cordless  phones. 
www.netopia.com 

■  Earth  Link  recently  announced  it 
would  offer  a  co-branded  version  of 
ExpertCity's  GoToMyPC  remote  ac¬ 
cess  service  to  its  customers.  The 
product  lets  users  securely  access 
files  on  a  PC  from  any  remote  Web 
based  computer.  Targeting  telework¬ 
ers,  Earthlink  stated,  "Telework  is 
on  the  verge  of  becoming  a  domi¬ 
nant  force  in  the  adoption  of  broad¬ 
band  in  the  home.”  The  product  will 
cost  $19.95  per  month. 
www.earthlink.com 


■  BY  TONI  KISTNER 

FENTON,  MO. — The  CIO  for  Maritz  Travel 
Company  is  right  when  he  said:  Travel  is 
one  of  the  most  personal  experiences,  and 
builds  lifetime  memories. 

“People  will  tell  how  they  bicycled  down 
the  volcano  on  Maui,  and  in  time  the  story 
becomes  larger  than  life,”  says  Richard 
Spradling.“But  the  same  is  true  for  negative 
experiences.  They  become  larger  than  life 
and  are  never  forgotten,  either” 

For  Maritz  Travel  Company,  a  negative 
travel  experience  is  bad  business.  Maritz  is 
the  worldwide  leader  in  meeting,  event 
and  incentive  management,  with  world¬ 
wide  revenue  topping  $1  billion. 

Ever  been  on  a  company  retreat? 
Traveled  to  a  three-day  seminar?  Led  sales 
one  year  and  were  awarded  a  trip  to 
Bermuda?  Chances  are,  Maritz  handled  the 
arrangements  —  every  detail  from  book¬ 
ing  the  flight  and  room  to  signing  you  up 
for  the  right  workshops  to  making  sure  a 
set  of  golf  clubs  is  waiting  for  you  at  the 
clubhouse.  The  workers  in  colored  jackets 
with  name  tags  who  greet  you  at  registra¬ 
tion  counters,  meet  you  at  the  airport  and 
count  heads  as  your  group  boards  the  bus? 
They’re  Maritz  travel  directors. 

Spradling,  the  firm’s  CIO,  ensures  Maritz 
Travel’s  staff  of  2,000  travel  directors,  travel 
consultants,  programmers,  operations  sup¬ 
port  and  network  operations  people  can 
work  their  magic  —  by  giving  them  reliable 
and  secure  access  to  the  firm’s  centralized 
servers,  whether  from  inside  headquarters, 
branch  offices,  on  the  road  or  from  home. 

Remote  access  rage 

Five  years  ago,  Spradling  had  his  hands 
full.  The  company’s  new  custom-built 
client-server  application  made  Maritz 
unique  in  the  travel  industry  but  the  appli¬ 
cation  was  fat  and  unwieldy  This  wasn’t  a 
problem  for  in-office  people,  but  anyone 
who  needed  to  access  the  system  remote¬ 
ly,  to  retrieve  or  update  clients’  flight  or 
hotel  information,  for  example, had  a  tough 
time. Travel  directors  —  who  often  manage 
events  in  exotic  places  with  unpredictable 
phone  lines  —  suffered  the  most  with  poor 
performance  and  dropped  connections. 
Moreover,  the  application  requires  weekly 
updates,  a  process  that  can  last  more  than 
an  hour  —  if  the  connection  holds.  Such 
problems  resulted  in  frequent  middle-of- 
the-night  calls  to  the  help  desk,  and  dozens 


of  stressed,  frustrated  users. 

“It  got  to  the  point  where  they  were  reluc¬ 
tant  to  use  the  system  and  found  it  easier  to 
use  pencil  and  paper,  or  pick  up  the 
phone,” Spradling  says. 

That’s  when  Maritz  turned  to  Citrix  Sys¬ 
tems’  MetaFrame,  a  server-based  remote 
access  application  that  works  in  conjunc¬ 
tion  with  Microsoft  Terminal  Server.  Meta¬ 
Frame  is  built  using  Citrix’s  Independent 
Computing  Architecture  (ICA)  technology. 
The  product  includes  server  software,  a  net¬ 
work  protocol  and  client  software.  Simply, 
ICA  separates  an  application’s  logic,  which 
runs  entirely  on  the  server,  from  its  user 
interface,  which  is  transported  to  the  client 
device  over  standard  network  protocols 
and  network  connections. 

Remote  workers  see  and  work  with  the 
interface  as  if  the  application  were 
running  locally,  sending  keystrokes  and 
mouse  clicks  over  the  network,  and  receiv¬ 
ing  screen  updates,  files,  audio  and  clip¬ 
board  information  from  the  server. The  ICA 
network  protocol  consumes  only  about  5M 
to  10M  bit/sec  of  network  bandwidth, so  it 
works  well  over  slow  connections. 

“With  MetaFrame,  we  eliminate  sending  a 
lot  data  over  the  WAN.  We  don’t  have  to  in- 
tall  local  servers  in  our  smaller  offices,  and 
we’ve  significantly  reduced  network  delay 


says  Bill  Hamilton,  Maritz’s  network  archi- 
tect.“Before  MetaFrame,  we  had  to  update 
thousands  of  remote  PCs  on  fairly  slow 
links.  Now  by  pushing  these  thick  applica¬ 
tions  out  to  our  local  MetaFrame  servers, 
we’re  able  to  quickly  make  a  thick  app  thin. 
This  allows  us  to  control  network  costs  and 
reduce  workstation  support  costs.” 

Spradling  credits  MetaFrame  with  in¬ 
creasing  application  performance  by  300% 
and  dramatically  improving  employee  pro¬ 
ductivity.  Maritz  has  reduced  costly  and 
timeconsuming  on-site  IT  support  for  travel 
directors, cutting  IT  support  costs  for  that 
group  by  75%. 

“We  eliminated  long  software  distribu¬ 
tions,  and  lines  dropping  in  the  middle  of 
transmissions,”  Spradling  says. 

“The  response  time  in  a  remote  environ¬ 
ment  is  virtually  indistinguishable  from  the 
in-house  response  time  on  our  10M  bit/sec 
Ethernet  network,”  he  adds. 

NFuse  burns  bright 

Maritz  first  rolled  out  MetaFrame  to  its 
travel  directors,  then  home-office  workers. 
In  the  past,  Maritz's  home  workers  —  a  mix 
of  full-time  travel  consultants,  technical 
people  and  oncall  support  staff  —  con¬ 
nected  to  company  modem  banks  via 

See  Citrix,  page  30 
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Linux  ready  with  self-managing  features  for  every  e-business. 


Inter-based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 


UNIX"3  /  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up  to 
99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  through  server  consolidation.  Winnebago  Industries  lives  by  its  e-mail  system.  By  consolidating  its 
functions  onto  one  IBM  (©server  zSeries  running  Linux,  the  company  created  an  industrial-strength  e-mail 
system,  and  saved  on  software  licensing  fees  in  the  process.  For  a  complimentary  guide  on  server  consolidation, 

visit  ibm.com/eserver/winnebago  /  ,  .  n  tz*  u.  ,  - 

(& business  a  ihe. 


'Requires  Parallel  Sysplex*  environment.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending, 
among  other  things,  on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win.  iSeries,  pSeries,  xSeries,  zSeries  and  Parallel  Sysplex  are  trademarks  or  registered  trademarks  of 
International  Business  Machines  Corporation.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countnes.  UNIX  is  a  registered  trademark  of 
The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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Wireless  LAN  shakeup  shows  promise 


Last  week's  news  that  Proxim  agreed  to 
buy  Agere  Systems'  Orinoco  product 
division  for  $65  million  seemed  to 
come  out  of  the  blue. Yet,  the  deal  makes  a 
lot  of  sense,  and  both  companies  stand  to 
benefit  in  a  number  of  ways. 

Proxim  gains  the  Orinoco  brand  name, its 
802.11b  product  line,  division  staff  and 
more  than  600  patents,  which  come  origi¬ 
nally  from  Bell  Labs.  (Note:  Agere  was  spun 
off  from  Lucent  Microelectronics,  a  divi¬ 
sion  of  Lucent;  Lucent  was  formerly  Bell 
Labs,  which  was  formerly  NCR.) 

Proxim  touts  itself  as  the  leader  in 
802.11a  technology,  and  with  the  acquisi¬ 
tion  of  Western  Multiplex  two  months  ago, 
the  company  added  the  outdoor  infra¬ 
structure  piece  to  the  business.  Adding 
Orinoco  gives  Proxim  the  802.1  lb  piece  it 
was  missing  and  a  much  stronger  footing 


in  the  enterprise  market.  While  Proxim  has 
its  own  line  of  802.11b  products,  CEO 
David  King  admits, “They’ve  become  pretty 
long  in  the  tooth,  and  frankly,  the  Orinoco 
products  are  slightly  better” 

How  will  Proxim  combine  the  product 
lines?  By  taking  the  best  of  breed  of  both 
companies. 

As  soon  as  the  Federal  Communications 
Commission  approves  the  deal  in  60  days, 
Proxim  intends  to  swap  out  its  own  802. 1 1  b 
access  points  and  adapters  and  replace 
them  with  Orinoco  gear. Proxim s  Harmony 
product  will  become  a  hybrid,  retaining  its 
Proxim  controller  and  using  Orinoco  cards 
and  access  points. 

Proxim  also  likes  Orinoco’s  dual  slotted 
access  points  and  will  offer  them  for  com¬ 
panies  that  need  to  support  a  mix  of 
802.1  lb  and  802.1  la  users.“It’s  a  good  solu¬ 
tion  for  enterprises  that  use  802.11b  now 
and  plan  to  migrate  to  802.1  la, and  for  hot 
spots,  like  cafes,”  King  says. 

Last,  Proxim  is  giddy  that  the  acquisition 
puts  an  end  to  the  nasty  legal  battle  it’s  had 
with  Agere  this  year  over  the  intellectual 
property  of  direct  sequence  technology. 
“For  a  little  company  like  Proxim  to  have 


access  to  600-plus  patents  of  Agere,  which 
is  really  the  Bell  Labs  portfolio,  while  also 
validating  our  intellectual  property  — 
which  was  the  major  subject  of  contention 
—  we’ll  be  talking  a  lot  about  this  as  the 
deal  closes,”  King  says. 

For  Agere,  the  deal  looks  pretty  sweet,  too. 
Not  only  does  it  yield  the  company  $65  mil¬ 
lion  in  cash,  but  it  also  clears  up  internal 
conflicts  and  frees  up  Agere  to  increase  its 
chip  and  componentry  business.  Agere  is 
first  and  foremost  a  chip  manufacturer, 
though  the  success  of  its  Orinoco  product 
line  has  obscured  the  fact.  (While  InStat 
says  Orinoco  products  have  a  28%  market 
share,  the  components  business  yielded 
70%  of  Agere’s  revenue  in  the  first  half  of 
the  year.) 

As  the  wireless  market  quickly  matured, 
Agere  found  itself  in  conflict  with  itself. 
Customer  Avaya  and  potential  customers 
Proxim  and  Cisco  didn’t  want  to  buy  chips 
from  Agere  and  have  to  compete  with  it  on 
the  product  side.  For  the  same  reason 
Agere  has  failed  to  attract  the  low-end 
Taiwanese  hardware  vendors  such  as 
Linksys  and  Netgear. 

The  sale  should  make  Agere  an  attractive 


alternative  to  chip  vendor  Intersil,  make 
Proxim  an  instant  customer  and  let  Agere 
“serve  the  Taiwanese  vendors  much  better? 
says  Cees  Links.  Agere’s  vice  president  of 
networking  and  entertainment. 

It  will  also  heat  up  competition  among 
chip  vendors,  which  should  mean  lower 
prices  up  and  down  the  market. 

Links’  vision  of  Agere’s  future  is  very 
bright. “The  Wi-Fi  PC  is  just  the  beginning,” 
he  says.  “We  want  to  integrate  wireless 
capabilities  into  everything  electronic, 
whether  it’s  a  PDA,  cell  phone,  PC, TV  radio, 
alarm,  the  toaster  in  your  home.” 

The  only  folks  who  might  stand  to  lose 
are  some  Agere  employees  who  face  pos¬ 
sible  layoffs.  While  both  companies  stated 
all  200  staffers  in  the  Orinoco  division  will 
move  to  Proxim,  King  admits  there’s  a  lot 
of  overlap.  After  all,  we  are  both  after  all 
wireless  LAN  manufacturers. 

An  Agere  spokesperson  says,  “We’re 
going  through  the  motions.  A  lot  of  people 
are  going  to  Proxim." 

Kistner  is  managing  editor  of  the 
Net.  Worker  section.  She  can  be  reached  at 
tkistner@nww.  com. 
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ISDN  and  analog  lines.  Today,  Maritz  has 
standardized  on  ISP  WorldCom  and  is 
adding  the  provider’s  managed  VPN  ser¬ 
vices  on  a  limited  basis. 

“But  the  challenge  with  a  VPN  is  that  it  re¬ 
quires  software  on  the  desktop,”  Spradling 
says. “And  our  internal  telework  policy  and 
security  procedures  require  the  home- 
office  system  to  be  a  Maritz-owned  ma¬ 
chine.  That  means  people  who  already 
have  a  PC  at  home  will  also  need  a  second 
machine  bought  by  the  company’  Policy 
also  dictates  that  IT  doesn’t  support  tele¬ 
workers’  personal  systems,  only  the  corpo¬ 
rate  applications  running  on  them. 


■  PROFILE:  MARITZ  TRAVEL 
COMPANY 


Location:  Fenton,  Mo.,  with  150 
locations  in  U.S.,  Canada  and  Mexico. 


Business:  Meeting,  event  and 
incentive  travel  management. 


Financing:  Privately  held.  Annual 
revenue  $1  billion. 

Employees:  2,000 


Number  of  Full-time  home 

workers:  50  knowledge  workers,  50 
travel  consultants. 


Number  of  Mobile  travel 

directors:  300 

Fast  fact:  Last  year.  Maritz  acquired 
two  competitors:  McGettigan 
Partners,  the  leading  meeting 
consolidation  firm,  and  FCI  GmbH, 
a  German  meetings  firm. 


Even  though  company  policy  prevents 
hundreds  of  employees  from  working 
occasionally  at  home,  Spradling  under¬ 
stands  the  benefit  of  telework  all  too  well. 
So  he  turned  to  nFuse  Classic,  Citrix’s  Web- 
based  remote  access  product.Version  1.7 
uses  the  Citrix  Secure  Gateway,  Secure 
Sockets  Layer  and  Transport  Layer  Security 
encryption  technologies. 

“NFuse  is  a  secure  way  to  provide  access 
to  our  applications,”  he  says.  “And  we  can 
avoid  buying  that  second  machine.  Tele 
workers  and  mobile  workers  use  their  own 
ISP  and  still  have  secure  access  to  our 
applications.” 

A  dozen  full-time  teleworkers  are  piloting 
nFuse  for  90  days.  “It’s  quite  promising,” 
Spradling  says.“Feedback  is  that  it  performs 
just  like  sitting  in  the  office.” 

Goodbye  ISDN? 

Maritz  has  100  full-time  teleworkers  and 
sees  nFuse  as  key  to  expanding  its  home 
work  program  while  cutting  costs.  In  the 
past  few  years,  the  travel  industry  has  “been 
ravaged  by  change,”  Spradling  says,  refer¬ 
ring  to  the  restructuring  of  commissions. 
Before,  the  airlines  and  rental  car  compa¬ 
nies  paid  travel  agents’  commissions,  a 
model  that  included  free  trips  and  other 
incentives.  But  today,  the  corporate  cus¬ 
tomers  pay  the  commissions,  so  the 
perks  have  dried  up,  making  the  career 
choice  less  appealing. 

“When  we  do  find  good  employees,  we 
hate  to  lose  them  because  they  need  to 
work  at  home.  So  we  offer  home  worker  al¬ 
ternatives  wherever  appropriate.  And  nFuse 
will  make  it  more  cost-effective  and  allow 
us  to  keep  more  of  those  good  people,” 
Spradling  says. 

About  half  the  teleworkers  own  PCs,  and 
as  nFuse  is  rolled  out,  those  who  connect 


fcl  It  got  to  the  point  where  they  were  reluctant  to  use  the 
system  and  found  it  easier  to  use  pencil  and  paper,  or  pick 
up  the  phone.99 

Richard  Spradling 

CIO,  Maritz  Travel  Company 


to  the  network  via  DSL  or  cable  can  save 
Maritz  the  cost  of  that  second  phone  line. 
(Without  broadband,  employees  needed 
two  dedicated  analog  lines,  for  voice  and 
data,  each  paid  for  by  Maritz.) 

Maritz  teleworkers  fall  into  two  cate- 
gories.There  are  50  knowledge  workers  — 
people  in  sales  and  account  management 
—  whose  roles  require  only  occasional 
network  connectivity,  primarily  to  access 
e-mail. 

The  other  50  travel  consultants  require  a 
full-time  connection  to  Maritz’s  centralized 
server  to  process  reservations,  enroll  partic¬ 
ipants  in  programs  and  the  like.There’s  also 
a  group  of  in-house  technicians  and  opera¬ 
tions  support  people  who  are  always  on 
call  should  trouble  strike. These  folks  have 
ISDN  lines  at  home. 

“When  there’s  a  devastating  tragedy  or 
major  travel  problem,  we  can  bring  them 
online  almost  immediately,”  he  says. 

The  trouble  is,  the  company  spends  as 
much  as  $250,000  per  year  on  ISDNTWith 
nFuse,  we  could  probably  reduce  it  by 
75%, ’’Spradling  says. 

High  stakes  Internet 

Currently  Spradling  is  of  two  minds  when 
contemplating  whether  to  migrate  all  his 
remote  workers  from  ISDN  (and  dial  up)  to 
broadband  and  from  MetaFrame  to  nFuse. 


On  the  one  hand,  he’s  “generally  comfort¬ 
able  with  the  telecom  infrastructure.”  But 
on  the  other,  he  “fears  giving  up  control  of 
his  network  infrastructure  and  suffering  as 
a  result. The  Internet  is  always  to  some  ex¬ 
tent  at  risk  to  world  affairs,"  he  says. 

“You  don’t  want  to  be  doing  mission-criti¬ 
cal  stuff  when  Alan  Greenspan  makes  an 
interest  rate  announcement.  Things  just 
grind  to  a  halt,”  adding,  “So  goes  the  Inter¬ 
net,  so  goes  you.” 

For  the  time  being, Spradling  will  take  the 
middle  road,  viewing  nFuse  as  a  tool  for  ex¬ 
tending  the  telework  option  to  a  higher 
number  of  in-office  employees.“It  will  make 
working  from  home  at  least  sometimes 
more  available,  more  desirable  and  a  lot 
less  expensive,"  he  says  ■ 


More  online! 


See  how  Citrix  has  enhanced  MetaFrame  features. 
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now,  more  than  ever, 

feel  secure 

that  only  the  right  people 

access  your  Network. 

Keep  your  valuable  data  out  of  the  wrong  hands  with  the  power  of  Access  and  Security  solutions  from  Novell. 
Administrators  can  choose  one  or  multiple  authentication  methods  to  identify  users  with  absolute  certainty.  Users 
have  the  ease  of  a  single  enforceable  ID  they  use  anytime,  anywhere — resulting  in  up  to  a  95  percent  decrease 
in  password-related  help  desk  calls.  And  our  software  can  be  integrated  with  a  full  range  of  your  existing 
security  products,  from  password  protection  to  biometrics.  To  have  the  power  of  Novell  at  your  fingertips,  visit 
www.novell.com/soIutions/access_security  today. 

Novell 

the  power  to  chaNge' 


©  Copyright  2002  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  and  the  power  to  change  is  a  trademark  of  Novell,  Inc.,  in  the  United  States  and  other  countries. 


For  further  information, contact: 
NTT  Communications  Corporation, 
nttverio@ntt.com 
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Finally,  managed  services 
that  are  actually  well-managed. 


NTT  Communications  Group  Offices  Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Belgium  •  Switzerland 
•  Italy  •  Spain  •  Korea  •  China  •  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas 
NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  Arcstar  is  a  trademark  of  NTT  Communications 
Corporation.  All  other  referenced  product  names  are  trademarks  of  their  respective  owners.  ©2002  NTT  Communications  Corporation 


www.nttverio.com/ad 

Offering  solutions  with  guaranteed  results. 


Global  IP  Network 


NTT/VERIO  hosting  packages  leverage  industry-leading  Sun®,  Windows  2000®,  and  Linux™ 
servers  and  the  most  experienced  and  obsessive  technical  staff  in  the  industry  to  provide  you 
with  versatility,  performance  and  peace  of  mind.  Employing  everything  from  basic  dedicated 
servers  in  our  premier  data  centers  to  a  host  of  managed  services  such  as  systems 
administration,  back-up  and  restore,  server  monitoring  and  security  /  firewall  protection,  our 
staff  can  help  you  develop  a  hosting  solution  that  supports  your  business  both  today  and  into 
the  future.  And  it's  all  backed  with  the  most  aggressive  SLAs  in  the  business. 


Data  Centers 


Visit  www.nttverio.com/ad  and  discover  an  approach  to  hosting  that  starts  with  you  and 
your  needs. 


Arcstar  Global  Network  Services 
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Takes 

■  Users  of  Microsoft’s  MSN  Hot¬ 
mail  service  will  no  longer  be  able 
to  aggregate  e-mail  from  other 
accounts  into  their  Hotmail  account 
without  paying  $19.95  a  year  for  the 
MSN  Extra  Storage  subscription 
program,  the  company  said  last 
week.  The  move  was  detailed 
recently  in  a  mass  e-mail  sent  to 
users  of  Hctmail’s  POP  Mail 
Retrieval  service.  POP  is  the  stan¬ 
dard  for  sending  e-mail  from  an 
Internet  server,  which  lets  users  for¬ 
ward  and  receive  e-mail  from  differ¬ 
ent  accounts.  The  free  service  will 
be  discontinued  as  of  July  16. 
Hotmail  users  who  wish  to  continue 
using  POP  Mail  Retrieval  will  have 
to  sign  up  for  Microsoft's  MSN 
Extra  Storage  program,  which 
offers  users  10M  bytes  of  storage, 
30M  bytes  of  Communities  storage, 
the  ability  to  send  larger  attach¬ 
ments  and  exemption  from  the  ser¬ 
vice's  account  expiration  policy. 
Microsoft's  decision  to  discontinue 
its  free  POP  mail  service  comes  on 
the  heels  of  a  similar  decision  by 
Yahoo,  which  ended  its  free  Yahoo 
Mail  POP3  access  and  e-mail  for¬ 
warding  features  earlier  this  year. 

■  Fujitsu  last  week  announced 
plans  to  broaden  its  global  partner¬ 
ship  with  Microsoft,  saying  it  will 
offer  products  and  services  based 
on  .Net  platform  to  enterprise  cus¬ 
tomers  around  the  world.  As  part  of 
the  deal,  Fujitsu,  in  Tokyo,  will  devel¬ 
op  a  version  of  its  Interstage  mid¬ 
dleware  products  for  use  with  the 
.Net  platform,  the  company  said. 
The  current  version  of  Interstage  is 
based  on  Sun's  Java  technology 
and  includes  a  Java  2  Platform 
Enterprise  Edition  application  serv¬ 
er,  enterprise  software  applications 
and  development  tools.  Besides  the 
efforts  around  Web  services  infra¬ 
structure,  Fujitsu  said  it  also  will 
offer  a  variety  of  computing  sys¬ 
tems  that  combine  its  hardware 
and  middleware  with  Microsoft's 
.Net  enterprise  products,  including 
systems  for  mobile  computing. 
www.fujitsu.com 


IBM's  Informix  buy  pays  off 

A  year  later,  most  customers  stay  loyal  to  company’s  technology. 


■  BY  JOHN  COX 

A  year  after  IBM  announced  it  was  pay¬ 
ing  $1  billion  for  the  Informix  software 
business,  the  bet  seems  to  be  paying  off. 

Informix  database  users  say  IBM  has 
worked  diligently  and  for  the  most  part 
successfully,  to  keep  them  satisfied.  Very 
few  have  defected  to  database  rivals 
Oracle  or  Microsoft.  One  market  research 
study,  disputed  by  Oracle,  has  IBM  now 
edging  out  Oracle  from  the  top  spot.  Even 
without  the  Informix  revenue,  IBM  says  its 
DB2  Universal  Database  on  Unix  grew 
15%  in  2001. 

In  interviews  with  Network  World,  how¬ 
ever,  several  users  voiced  some  com¬ 


plaints.  One  is  that  IBM  needs  to  explain 
more  clearly  its  product  plans  and  the 
migration  strategy  that  will  result  in  incor¬ 
porating  some  parts  of  the  Informix  data 
management  products  into  the  DB2  line. 

Another  complaint  is  that  the  layers  of 
bureaucracy  in  the  giant  company  can 
frustrate  customers  who  want,  or  need, 
quick  decision-making. 

When  the  acquisition  was  announced  in 
spring  2001,  some  customers  were  wor¬ 
ried  that  IBM  would  force  them  to  shift 
from  the  well-regarded  Informix  products, 
such  as  Informix  Dynamic  Server  or 
Informix  Extended  Parallel  Server,  to  DB2. 
But  other  customers  breathed  a  sigh  of 
relief. 


“Once  I  got  past  the  surprise  [of  the 
acquisition],  I  was  pleased,”  recalls  Paul 
Mosser,  database  analyst  with  a  Wells  Fargo 
Bank  site  in  Tempe,  Ariz.  “The  Informix 
technology  is  outstanding.  But  the  [for¬ 
mer]  Informix  management,  frankly,  mis¬ 
managed  the  company.  1  was  glad  to  see  a 
solid,  well-established  company  [IBM] 
take  over  this  excellent  technology’ 

A  year  later,  Mosser  remains  happy.  An 
onsite  Informix  engineer  is  still  part  of  the 
bank’s  support  contract  with  IBM.  “That’s 
very  important  for  us,”  Mosser  says.  During 
the  year,  support  actually  has  improved, 
he  says.  “There  does  seem  to  be  a  more 
formal,  a  more  attentive  [way]  to  getting 
See  Informix,  page  36 


WiredRed  audits  corporate  IM  traffic 


■  BY  CAROLYN  DUFFY  MARSAN 

SAN  DIEGO  —  WiredRed  Software  has 
added  an  auditing  and  reporting  capability 
to  its  secure,  private  instant-messaging  soft¬ 
ware  to  meet  new  regulatory  requirements 
facing  industries  such  as  financial  services 
and  healthcare. 

WiredRed’s  e/pop  Audit  and  Reporting 
Server  ships  this  month  and  serves  as  an 
add-on  to  the  company’s  flagship  e/pop 
enterprise  instant-messaging  software, 
which  also  supports  text  chat,  application 
sharing  and  voice-over-IP  calls. 

Among  e/pop’s  3,000  corporate  cus¬ 
tomers  are  law  firms  such  as  Baker  & 
McKenzie  and  Arnold  &  Fbrter  and  gov¬ 
ernment  agencies,  including  the  Depart¬ 
ment  of  Labor  and  the  Air  Force.  WiredRed 
says  its  software  supports  more  than  2  mil¬ 
lion  end  users. 

The  new  audit  and  reporting  software 
archives  e/pop  traffic,  filters  messages  for 
particular  keywords,  compiles  regular 
reports  and  provides  supervisory  access  to 
employee  communications.  It  captures  the 
date,  time  and  content  of  instant  messages, 
chat  sessions  and  attachments.  A  data  min¬ 
ing  capability  supports  queries,  and  audit¬ 
ing  data  can  be  exported  to  Microsoft  and 
Oracle  databases. 

With  its  audit  and  reporting  add-on, 
WiredRed  is  targeting  financial  services 
firms  that  need  to  comply  with  new 
Securities  and  Exchange  Commission  and 


r - 
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PROFILE:  WIREDRED 

Location:  San  Diego 

Founded:  1998 

Product:  Private  instant-messaging 
software. 

Founder:  Allen  Drennan,  president 
and  CEO. 

Financing:  Privately  held. 

Customers:  3,000,  including 
Department  of  Labor  and  Baker  & 
McKenzie. 

b 

Employees:  10 

National  Association  of  Security  Dealers 
requirements  regarding  the  recording  and 
archival  of  instant  messages.  WiredRed  is 
eyeing  similar  requirements  under  the 
Healthcare  Insurance  Portability  and 
Accountability  Act,  which  affects  hospitals 
and  insurance  companies. 

One  early  customer  of  the  auditing  add¬ 
on  is  Terra  Nova  Trading,  a  Chicago  online 
brokerage  firm.Terra  Nova  has  100  employ¬ 
ees  who  have  been  using  WiredRed’s 
e/pop  software  for  the  last  three  months. 

“We’re  trying  to  give  our  traders  tools  to 
be  able  to  make  better  decisions,  react 
quicker  and  provide  better  service,”  says 
David  Lipsett,  vice  president  of  Terra  Nova. 

Terra  Nova  just  started  testing  the  audit¬ 


ing  add-on  and  is  pleased  with  the  soft¬ 
ware’s  performance  so  far. 

“We  are  required  by  law  to  have  auditing 
and  reporting,”  Lipsett  says.“If  you  say  you 
placed  an  order  with  the  trade  desk  to 
buy  100  shares  of  Microsoft,  but  instead 
the  trader  sold  100  shares,  we  can  evalu¬ 
ate  that  discrepancy  immediately  by 
checking  the  log.” 

During  the  next  six  months,  Terra  Nova 
plans  to  integrate  e/pop’s  capabilities  with 
its  trading  systems  to  let  customers  chat 
directly  with  client  services  representatives. 
But  for  now,  the  software  is  used  for  inter¬ 
nal  communications  only 

Another  early  user  of  the  e/pop  auditing 
add-on  is  Metairie  Bank  in  Louisiana.  This 
midsize  bank  recently  switched  from 
Microsoft’s  Instant  Messenger  to  Wired¬ 
Red’s  e/pop  for  security  reasons,  says  IT 
Manager  Chris  Dodge. 

“We  looked  at  a  number  of  other  internal 
instant-messaging  systems,  but  we  decided 
to  use  WiredRed  . . .  because  it  seemed  to 
have  the  most  functionality  and  features 
and  user-friendliness,”  Dodge  says.  “So  far, 
the  performance  has  been  excellent." 

Dodge  says  the  auditing  and  reporting 
add-on  “was  very  thorough  with  logging 
everything.  But  right  now,  we’re  not 
required  by  the  feds  to  monitor  our  inter¬ 
nal  messaging, so  I  don’t  feel  it’s  necessary 
to  spend  the  extra  money.  If  and  when  it 
does  become  required,  this  would  be  our 
See  WiredRed,  page  34 
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Cisco  bolsters  wireless  mgmt.  security 


■  BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Cisco  last  week 
introduced  CiscoWorks  Wireless 
LAN  Solution  Engine,  a  manage¬ 
ment  appliance  that  could  help 
users  reign  in  the  management 
and  security  tasks  involved  with 
running  a  wide-scale  Cisco  Airo- 
net  wireless  LAN  access  point 
environment. 

The  WLSE  appliance  is  de¬ 
signed  to  sit  on  a  LAN  and  iden¬ 
tify  Cisco  Aironet  access  points. 
Users  attached  to  WLSE  via  a 
Web  client  can  check  and 
change  every  Aironet  access 
point’s  configuration  setting, 
such  as  broadcast  settings,  radio 


frequencies,  and  device  shut¬ 
down  and  boot-up  times.  The 
Web  interface  also  can  be  used 
to  view  trends  in  wireless  LAN 
usage  and  to  identify  over¬ 
loaded  or  underused  access 
points  on  a  LAN. 

“The  reporting  features  on 
WLSE  are  valuable  for  us,”  says 
Kalpesh  Unadkat,  a  network 
engineer  with  the  University  of 
Michigan  Health  System,  which 
has  285  Cisco  Aironet  access 
points  deployed  through  its 
network. 

“With  wireless,  we’re  getting 


back  to  a  shared  environment,” 
Unadkat  says. 

“With  that,  we  want  to  know 
how  many  users  are  associated  to 
an  access  point  for  capacity  plan¬ 
ning.  We  also  want  to  make  sure 
users  are  having  a  good  wireless 
experience,”  he  says. 

Web-based  interface 

WLSE  has  a  Web-based  user 
interface  that  can  be  used  to 
create  standardized  access- 
point  configurations  via  tem¬ 
plates,  which  can  be  pushed  out 
to  all  access  points  at  once.  The 


system  also  can  provide  alerts 
about  misconfigured  Cisco 
access  points  that  could  be  vul¬ 
nerable  to  internal  or  external 
wireless  snoops. 

Information  from  WLSE  also 
can  be  fed  into  the  Resource 
Management  Essentials  mod¬ 
ule  on  Cisco’s  LAN  manage¬ 
ment  platform  to  provide  an 
overall  view  of  wired  and  wire¬ 
less  infrastructures. 

Cisco  also  released  enhance¬ 
ments  to  its  LAN  Management 
Solution  (LMS)  and  Routed  WAN 
Management  Solution  (RWAN) 


software  products,  including  sup¬ 
port  for  Secure  Sockets  Layer  and 
Secure  Shell  protocols  on  both 
platforms. 

The  LMS  and  RWAN  platforms 
also  include  support  for  30  new 
Cisco  devices,  and  both  can 
now  run  on  Windows  2000 
Server  and  Professional.  LMS 
and  RWAN  also  run  on  Sun 
Solaris  2.7  and  2.8. 

WLSE  is  available  now  for 
$17,000,  while  the  LMS  and 
RWAN  products  are  available  for 
$20,000  and  $15,000,  respectively. 

Cisco:  www.cisco.com 


Corechange  beefs  up  collaboration  tools 


WiredRed 

continued  from  page  33 
solution.” 

Financial  services  is  the  sweet 
spot  for  corporate  instant  mes¬ 
saging,  which  is  not  yet  a  main¬ 
stream  enterprise  application, 
says  Mark  Levitt,  research  direc¬ 
tor  for  lDC’s  Collaborative  Com¬ 
puting  program. 

“[Instant  messaging]  is  con¬ 
sidered  a  freebie;  it’s  not  in  the 
top  IT  project  list  for  most  cor¬ 
porations,”  Levitt  says.  “But  if 
you’re  going  to  do  [instant  mes¬ 
saging],  then  you  need  auditing 
and  logging.” 

WiredRed’s  e/pop  and  e/pop 
Audit  and  Reporting  Server  run 
on  any  Windows  platforms  and 
will  soon  be  available  for  Linux. 
Pricing  for  the  auditing  add-on 
starts  at  $4,000  for  up  to  100 
users,  while  the  instant¬ 
messaging  client  software  cost 
about  $40  per  person. 

Later  this  year,  WiredRed  plans 
to  introduce  a  version  of  e/pop 
that  works  in  extranet  environ¬ 
ments,  followed  by  a  consumer- 
oriented  version  that  supports 
Web  and  wireless  access. 

WiredRed:  www.wiredred.com 


More  online! 

See  how  the  Financial  market  has 
mbraced  secure  instant  messaging. 
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Empowering  portals 


Corechange  says  its  new  collaboration  features  will  let  users  share  informa¬ 
tion  and  get  more  out  of  their  portals.  Here’s  typical  Coreport  portal. 
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Lists  sales  accounts  and 
status  of  those  accounts. 


Connects  user  to 
content  related  to 
specific  issues. 


Applications  such 
as  Word  and  Excel 
can  be  launched 
from  within  the 
portal. 


■  BY  JENNIFER  MEARS 

BOSTON  —  Corechange  is  the  latest  to  beef 
up  the  collaboration  capabilities  of  its  portal, 
introducing  a  suite  of  collaboration  compo¬ 
nents  that  are  designed  to  let  business  users 
easily  set  up  community  workspaces  and 
interactive  projects. 

The  Multi-Mode  Collaboration  services  are 
being  announced  this  week  and  will  be 
included  as  part  of  Coreport,  Corechange’s 
enterprise  portal  product.  With  the  collabora¬ 
tion  services,  business  users  will  be  able  to 
turn  on  whatever  type  of  collaboration  capa¬ 
bilities  they  need,  including  threaded  discus¬ 
sions,  chat,  document  sharing  and  a  feature 
that  enables  portal  users  to  find  colleagues 
with  particular  expertise. 

In  addition.  Coreport  will  integrate  with 
Groove  Network’s  collaboration  platform, 
Microsoft’s  Exchange-based  Instant 
Messaging  and  ShareFbint  Team  Services, 
and  Ideal  Science’s  Ideal  Bulletin  Board. 

“We’re  recognizing  all  the  different  ways 
people  collaborate  and  we  see  the  portal  as 
the  center  of  it,”  says  Jeff  Spotts,  executive 
vice  president  of  marketing  at  Corechange. 

Applied  Knowledge  Group,  a  collaboration 
consulting  firm  in  Reston,Va.,is  a  Corechange 
partner  and  also  uses  the  Coreport  portal 
internally  Andy  Campbell,  senior  vice  presi¬ 
dent  and  chief  knowledge  officer  of  AKG.says 
the  new  collaboration  features  are  exactly 
what  portal  users  need. 

“What  we  have  not  seen  yet,  prior  to  the 
Corechange  initiative  is  a  well-integrated  col¬ 
laboration  system  hosted  within  the  portal 
framework,”  Campbell  says.“You  can  have  the 
best  portal  in  the  world,  but  if  you  put  a  col¬ 
laboration  tool  in  there  that’s  horrendously 
complicated,  you  haven’t  solved  anybody’s 
problem,"  he  says. 

Observers  say  portals  are  becoming  the  cen¬ 
terpiece  of  how  companies  do  business. 
Rather  than  being  satisfied  with  a  simple  stat¬ 
ic  interface  to  content  and  applications,  busi¬ 
ness  users  want  a  dynamic  workspace  that  lets 
them  manipulate  what’s  delivered  via  the  por¬ 


tal,  analysts  say 

Matt  Cain,  a  senior  vice  president  with  Meta 
Group,  says  collaboration  capabilities  are 
being  added  to  portals  to  let  businesses  get 
more  out  of  the  portals  they  deploy  “It  lowers 
people  coordination  costs,”  he  says. 

“Corechange  is  very  much  on  top  of  the 
trend  whereby  we’re  seeing  collaboration  ser¬ 
vices  being  embedded  in  portals  and  business 
applications  and  other  third-party  applica¬ 
tions,  as  well,”  he  adds. 

In  March,  Plumtree  unveiled  its  collabora¬ 
tion  server,  and,  in  April,  IBM  introduced 
upgrades  to  its  WebSphere  Fbrtal,  with  collab¬ 
oration  playing  a  leading  role.  A  key  aspect  of 
that  release  was  a  focus  on  making  it  easier  for 
business  users  to  create  collaborative  work 
environments  within  the  WebSphere  portal. 

That’s  a  focus  for  Corechange,  as  well.  The 
Coreport  Community  Administration  Wizard 
lets  business  users  set  up  community  portal 
pages,  decide  who  can  be  a  member  of  that 


community  and  what  content,  applications 
and  collaboration  features  will  be  available. 

“We’re  focusing  on  the  self-sufficiency  of 
Coreport  and  allowing  the  business  end  user 
to  be  the  owner  of  the  corporate  workspace,” 
Spotts  says. 

Previous  versions  of  Coreport  allowed  for 
collaborative  work,  but  IT  intervention  was 
required  to  set  up  those  functions. 

“With  the  Community  Administration  Wizard 
we’re  hiding  all  that  technical  administration 
and  putting  the  capability  in  the  hands  of  the 
business  user]’  he  says. 

Coreport,  with  Multi-mode  Collaboration 
Services,  is  available  through  Corechange’s 
early  availability  program  and  is  scheduled  to 
be  available  widely  in  the  third  quarter. 

Pricing  for  Coreport  begins  at  $250  per 
user,  with  a  discount  schedule  for  volume 
purchases.  Server  pricing  is  available  upon 
request  for  extranet  portal  configurations. 

Corechange:  www.corechange.com 
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Is  your  infrastructure  ready 
for  Web  services?  How  long 
before  you  see  results?  Can 
.NET  connected  software  make 
a  difference?  This  quarter? 

Get  the  answers  before  the 
questions  start. 
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The  Alexis  de  Tocqueville  Institution 
published  a  white  paper  earlier  this 
month  called  “Opening  the  Open 
Source  Debate.”The  headline  on  its  press 
release  claimed  that  “Open  source  soft¬ 
ware  may  offer  target  for  terrorists.” 

In  spite  of  that  headline,  the  report 
mostly  focused  on  the  evils  of  some  open 
source  licensing  —  not  security.  The  small 
part  of  the  report  about  security  issues  with 
open  source  was  based  on  the  implied 
claim  that  hiding  security  flaws  rather  than 
fixing  them  is  somehow  better.  I  guess  the 
group  assumes  that,  counter  to  all  experi¬ 


Fighting  terrorism  with  obscurity? 


ence  and  against  the  recommendation  of 
most  security  experts,  security  through 
obscurity  works. 

I  do  not  have  the  report  in  front  of  me  as 
I  write  this  because  the  group  removed  it 
from  its  Web  site  almost  as  soon  as  it  was 
published,  saying  that  the  wrong  version 
got  posted.  I  did  look  through  some  of  it 
during  the  window  it  was  online  and  was 
not  all  that  impressed.  There  is  quite  a 
good  review  of  that  temporarily  available 
version  at  www.nwfusion.com,  Doc 
Finder:  9923. 

I  was  not  able  to  find  out  much  about 
the  Alexis  de  Tocqueville  Institution  from 
its  Web  page.  I  do  not  know  how  long  the 
organization  has  been  around,  though 
the  list  of  only  13  reports  or  books  avail¬ 
able  would  indicate  that  it  is  quite  new.  1 
also  could  not  find  any  information 
about  the  institution’s  source  of  funding 
or  how  many  researchers  it  has.  But  if  I 


were  to  project  using  this  report  as  input, 
it  seems  as  though  the  group  is  looking 
for  money  and  hopes  that  it  will  get  funds 
from  Microsoft  if  it  parrots  the  software 
maker’s  line  on  open  source.  Quite  a  few 
commentators  have  expressed  the  opin¬ 
ion  that  Microsoft  must  have  paid  this 
group  to  produce  the  report.  But  I’m  not 
convinced, given  that  the  report  too  close¬ 
ly  follows  the  Microsoft  line,  is  too  ama¬ 
teurish,  and  the  press  release  is  too  garish 
even  for  Microsoft. 

If  you  want  to  read  a  well-done  report  on 
open  source  take  a  look  at  “A  business 
case  study  of  open  source  software”  from 
Mitre  (www.nwfusion.com,  DocFinder: 
9924). 

In  this  report,  Mitre  takes  its  normal  very 
high-class,  professional  approach  to 
some  of  the  same  issues  that  the  institu¬ 
tion’s  report  tries  to  address.  I  support 
open  source  software,  but  not  at  the 


www.nwfusion.com 


exclusion  of  commercial  products.  Note 
that  history  has  shown  that  proprietary 
software  is  not  automatically  secure;  take 
for  example  Microsoft’s  Internet  Inform¬ 
ation  Server. 

It  is  at  best  a  pathetic  realization  of  the 
weakness  of  one’s  argument  to  resort  to 
using  the  threat  of  terrorism  to  attempt  to 
sell  an  otherwise  unrelated  topic. This  use 
is  intellectually  dishonest,  does  a  severe 
disservice  to  the  cause  for  which  the  de 
Tocqueville  Institution  seems  to  be 
espousing  and  makes  harder  the  real  fight 
we  are  facing. 

Disclaimer:  Everyone  at  Harvard  is  intel¬ 
lectually  honest  so  the  above  does  not 
apply  and  is  my  own  opinion. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@ 
sobco.  com. 


Informix 

continued  from  page  33 

things  fixed,”  he  says. 

That  attention  to  detail  also 
appears  in  the  Informix  software 
releases  and  enhancements  that 
IBM  has  shepherded  during  the 
past  year.  Users  say  Informix  soft¬ 
ware  releases  now  have  fewer 
bugs  and  problems,  and  that  IBM 
is  delivering  an  array  of  desired 
improvements  and  new  features. 


Wells  Fargo  relies  heavily  on  an 
Informix  feature  called  high-avail¬ 
ability  data  replication.  “At  one 
point,  Informix  thought  of  discon¬ 
tinuing  it,”  Mosser  says.  “IBM  has 
continued  the  feature  and  ad¬ 
dressed  some  problems  in  it.  It’s 
getting  a  lot  more  attention." 

No  pressure 

A  year  ago,  IBM  promised  there 
would  be  no  pressure  for  Informix 
customers  to  shift  over  to  DB2. 
Users  say  IBM  has  kept  that 
promise. “There  has  been  no  pres¬ 
sure  or  inducement  to  shift  appli¬ 
cations  to  DB2,”  says  Michael 
Scheuermann, senior  OEM  vendor 
manager  for  Motorola’s  Global 
Telecom  Solutions  Sector,  a  soft¬ 
ware  consulting  group.  “Currently 
we  have  no  plans  to  shift  because 


Informix  products  used  in  our  cur¬ 
rent  applications  meet  our  needs 
at  this  time.” 

From  the  outset,  IBM  has  said  it 
would  take  a  close  look  at  the 
Informix  database  products  and 
incorporate  selected  features  in 
future  releases  of  DB2.  Among 
other  things,  users  say  they  expect 
these  features  will  include  an  array 
of  Informix  utilities  and  the  widely 
used  Informix  4GL  language. 

“There  have  been  a  number  of 


user  group  meetings  and  the  1BM- 
Informix  product  development 
leads  were  very  explicit  about 
what  was  going  to  be  shifted  over 
from  Informix  to  DB2,”says  Cecile 
Francis,  regional  vice  president 
with  Xtivia  Technologies,  an 
Edison,  N.J.,  IT  services  company 
Previously,  she  was  a  consultant 
with  Informix. 

IBM  has  caught  some  Informix 
customers’ attention  with  DB2. 

“They  have  made  it  easier  for 
customers  to  develop  and  deploy 
on  DB2,"  Francis  says.“You  can  pay 
one  price  for  an  Informix  license 
[renewal]  and  get  a  copy  of  DB2 
for  evaluation  and  development  at 
no  additional  charge.” 

“We'll  continue  to  support  the 
Informix  database  product  line  for 
as  long  as  need  be,"  says  Janet 


Perna,  general  manager  of  data 
management  in  the  IBM  software 
group.  “Our  strategy  is  not  to 
migrate  existing  applications  [to 
DB2],  but  as  companies  start 
building  the  next  generation  of 
applications,  we  think  they’ll  want 
to  build  them  on  the  next-genera¬ 
tion  database  —  DB2.” 

Some  frustration 

Informix  users  say  that  they’ve 
been  frustrated  at  times  by  IBM’s 
bureaucracy,  its  sheer  size  as  well 
as  a  failure  to  be  consistently 
clear  in  its  messages  to  the  In¬ 
formix  community. 

“We  would  welcome  a  clearer 
understanding  of  how  the  Infor¬ 
mix  database  products  fit  into  the 
broader  IBM  product  portfolio 
and  road  maps,”  Motorola’s  Scheu¬ 
ermann  says. 

“IBM  has  had  a  hard  time  simply 
communicating  its  intentions  to 
Informix  users,”  Mosser  says. 

Francis  recalls  the  smaller 
database  company  often  could 
approve  new  contracts  in  24  hours. 
“I  haven’t  seen  that  yet  with  IBM,” 
she  says. 

She  might  never  see  it,  but  it 
might  not  matter  in  the  end  if  IBM 
can  hold  on  to  the  loyalty  of 
Informix  users  and  give  them  a 
gentle  path  to  DB2. 

For  now,  IBM’s  Pferna  is  breathing 
a  bit  easier.  On  July  1  last  year,  she 
was  one  of  the  first  lBMers  to  walk 
into  Informix’s  Menlo  Park,  Calif., 
headquarters  to  face  a  room 
packed  with  new  IBM  employees. 

“In  the  audience  was  a  man  who 
had  once  worked  for  me  at  IBM,” 
she  recalls. “He’d  retired  from  IBM 
and  later  joined  Informix.  He  was 
smiling  at  me.  1  thought,  ‘This  is 
going  to  work.’” 

So  far,  it  has.B 


fcfc We’ll  continue  to  support  the 
Informix  database  product  line 
for  as  long  as  need  be.ll 

Janet  Perna 

General  manager  of  data  management,  IBM 


Forgent  creates 
video  mgmt  pack 

■  BY  JASON  MESERVE 

AUSTIN, TEXAS  —  Companies  looking  for  scheduling  and  man¬ 
agement  tools  for  their  videoconferencing  network  can  now 
make  just  one  stop:  Forgent  Networks. 

The  company  last  week  announced  VideoWorks,  a  hardware 
and  software  bundle  designed  to  get  customers  up  and  running 
with  multipoint  calls,  automated  scheduling,  and  full  network 
monitor  and  administration  capabilities. 

The  VideoWorks  package  combines  Forgent’s  Video  Network 
Platform  (VNP)  for  monitoring  and  managing  video  endpoints, 
gateways  and  multipoint  control  units  (MCU);  Global  Scheduling 
System  (GSS)  for  automated  booking  of  endpoints  and  equip¬ 
ment  for  multipoint  and  point-to-point  calls;  a  Radvision  VialP  or 
Accord  MGC  MCU  for  connecting  multiple  endpoints  into  a  single 
call;  and  a  Windows  2000-based  server  for  running  all  the  neces¬ 
sary  software. 

“Forgent  can  put  together  all  the  hardware,  software  and  ser¬ 
vices,”  says  Nancy  Harris,  vice  president  of  marketing  at  Forgent. 
“It’s  something  our  customers  have  asked  for  because  they  don’t 
want  to  have  to  work  with  so  many  vendors.” 

VideoWorks  is  the  first  fruit  of  Forgent’s  $4.7  million  acquisition 
of  Global  Scheduling  Solutions  earlier  this  month. The  two  com¬ 
panies  had  a  close  marketing  and  reseller  relationship  in  the  past. 

With  the  package,  a  user  can  schedule  a  call  through  the 
GSS  interface,  including  reserving  the  necessary  ports  on  the 
MCU  to  connect  all  users.  On  the  back  end,  VNP  sets  up  the 
call  and  connects  all  parties  just  before  the  scheduled  start¬ 
ing  time.  Administrators  can  be  alerted  of  problems  and  can 
view  still  images  of  calls  in 
progress  to  ensure  quality. 

Harris  says  the  combination 
also  can  deliver  reports  on 
MCU  activity  and  on  point- 
to-point  call  traffic. 

The  total  VideoWorks  pack¬ 
age  costs  about  $130, (XX)  for 
all  the  puzzle  pieces,  which 
amounts  to  about  a  20%  dis¬ 
count  of  the  list  price,  Harris 
says.  The  price  includes  the  The  picture  is  brightening  for  videoconfer- 
Accord  MGC  50  MCU.  encmg  services. 

Forgent:  www.forgent.com  DocFinder:  9930 
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The  New  Gateway  600X 

Presenting  the  ultimate  desktop  replacement.  With  its  head-turning 
style,  awe-inspiring  processor  and  incredibly  expansive  screen,  the 
completely  portable  600X  is  everything  you  ever  wanted  in  a  desktop  to  go. 
15.7“  SXGA  TFT  Active-Matrix  Display  •  Mobile  Intel  Pentium  4  Processor 
l,60GHz-M  •  256MB  DDR  Memory  •  30GB  Ultra  ATA  Hard  Drive 
Modular  DVD/CD-RW  Combo  Drive  •  Internal  V, 92  56K  Modem  and 
10/100  Ethernet  •  Internal  IEEE- 1.394  FireWire  •  ATI  Mobility 
Radeon  7500  with  64MB  DDR  Memory  •  Microsoft  Windows  XP  Home 
Edition  •  Microsoft  Works  Suite  2002  •  1  -Year  Limited  Warranty 

s1999 


The  New  Gateway  450X 

Stylish  and  affordable,  the  new  450X  is  the  perfect  combination  of  performance 
portability  and  price.  And  beneath  its  cutting-edge  exterior  you'll  find  (he  world  s  most 
cutting-edge  mobile  processor:  the  new  Mobile  Intel  Pentium  4  Processor-M. 
15”  XGA  TFT  Active-Matrix  Display  •  Mobile  Intel  Pentium  4  Processor  1.60GHz -M 
Weighs  6.01  lbs;  and  1.30"  thin  •  256MB  DDR  Memory  •  20GB  Ultra  ATA  Hard  Drive 
Modular  8X  DVD-ROM  or  8X  CD-RW  Drive  •  Internal  V.92  56K  Modem1  and  10/100 
Ethernet  •  ATI  Mobility  Radeon  Graphics  with  32MB  DDR  Memory  •  Microsoft 
Windows  XP  Home  Edition  •  Microsoft  Works  Suite  2002  •  1-Year  Limited  Warranty 


Every  day  the  demands  of  business  get  more  demanding.  Which  is  why  we  designed  the  new  Gateway"  600X  and  450X  notebooks 
around  the  sophisticated  power  management  of  the  world’s  fastest  mobile  processor;  the  Mobile  Intel  '  Pentium  "  4  Processor-M.  Superior 
multimedia  and  graphic  capabilities.  Significantly  extended  battery  life.  Seamless  connectivity.  Slim— almost  aerodynamic-design 
The  new  Gateway  600X  and  450X  notebooks.  So  slick,  they’ll  make  you  look  good  even  when  they’re  closed.  Call  us  at  1-888-203-4559, 


Limited-Time  Offer 

Upgrade  to  Microsoft  Windows  XP  Professional  and  1-year  Accidental-Damage 
Protection'  for  $100,  with  the  purchase  ot  any  Gateway  600  or  450  Series  notebook, 
(Ofter  ends  7/31/02.) 


Gateway"  PCs  use  genuine  Microsoft"  Windows 


Pentium  4 


www.nwfusion.com 
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High-speed  wireless  data:  Still  in  development 

Players  testing  various  pricing  models  as  3G  services  begin  to  emerge. 


Putting  a  price  on  wireless  data 


Wireless  carriers  are  launching  3G  networks  and  are  trying  to  figure 
out  what  users  will  pay.  Here's  a  sample  of  current  plans: 


Carrier 

Monthly  cost 

Unlimited  usage 

Network  speed 

AT&T 

•  10  megabytes — $40/  $0,004 
per  kilobyte  for  overage. 

•  200  megabytes — $200/$0.001 
per  kilobyte  for  overage. 

n/a 

20K — 40K  bit/sec,  with 
bursts  up  to  115K  bit/sec 
(GPRS  network) 

Verizon 

•  10  megabytes — $35/  $0,008 
per  kilobyte  for  overage. 

•  150  megabytes — $150/$0.0025 
per  kilobyte  for  overage. 

$99.99 

40K — 60K  bit/sec,  with 
bursts  up  to  144K  bit/sec 
(CDMA  network) 

Cingular 

•  1  megabyte — $6.99/  $0.03  per 
kilobyte  for  overage. 

•  13  megabytes — $49.99/  $0.03 
per  kilobyte  overage. 

n/a 

20K — 40K  bit/sec,  with 
bursts  up  to  115K  bit/sec 
(GPRS  network) 

Nextel 

•  10  megabytes — $39.99/  $0.01 
per  kilobyte  overage. 

$55 

25K — 30K  bit/sec,  with 
bursts  up  to  75K  bit/sec 
(Motorola  iDEN  network) 

■  BY  JENNIFER  MEARS 

Wireless  carriers  are  starting  to  launch 
high-speed  data  networks  that  promise 
users  fast  access  to  information  from  any¬ 
where  at  anytime,  but  many  potential 
business  customers  are  reluctant  to  buy 
into  the  new  technology  until  it  matures 
and  prices  settle. 

Analysts  suggest  that  customers  hold  off 


■  WorldCom  has  opened  two  new 
Internet  exchange  points,  one  in 

Chicago  and  one  in  New  York.  The 
metropolitan-area  exchanges  are 
network  access  points  where  ISPs 
and  others  interconnect  their  Inter¬ 
net  backbones.  WorldCom  already 
has  five  MAEs  in  the  U.S.  and 
Europe.  WorldCom  says  the  new 
MAEs  provide  the  scalability  and 
geographical  diversity  demanded  as 
more  traffic  is  sent  across  the 
Internet. 

■  CoNTT  DoCoMo,  Japan's  leading 
cellular  provider,  last  week  unveiled 
plans  for  a  commercial  wireless 
802.11b  service  for  nine  locations  in 
Tokyo:  Akasaka  Prince  Hotel,  Hotel 
Okura,  Makuhari  Messe  convention 
center,  a  cafe  and  five  DoCoMo 
shops  in  the  city. 

The  service,  which  will  launch  July  1 
under  the  name  MZone,  is  small  in 
scale  compared  with  that  of  sister- 
company  NTT  Communications, 
which  launched  an  802.11b  service  in 
May  with  200  access  points  and 
plans  to  expand  to  1,000  by  year-end. 

DoCoMo  will  charge  users  $16  per 
month  for  unlimited  access,  which  is 
more  expensive  than  the  $13  per 
month  NTT  Communications 
charges.  Other  companies,  including 
competitor  Japan  Telecom,  are  test¬ 
ing  their  networks  and  expect  to 
launch  services  this  year. 


Special  Focus 

■  HIGH-SPEED  WIRELESS  DATA  ACCESS: 

What's  it  worth  to  you? 

on  full-scale  deployments  while  the  mar¬ 
ket  evolves.  As  these  so-called  3G  services 
are  unveiled,  businesses  will  see  a  confus¬ 
ing  range  of  pricing  options  and  cover¬ 
age  plans. 

“The  coverage  isn’t  there  yet.  Mobile 
devices  are  just  starting  to  emerge  that 
are  next-generation  data-enabled,”says 
Philip  Redman,  research  director  of 
mobile  wireless  networks  at  Gartner.“So 
while  it’s  good  to  get  a  taste  of  this,  it's 
better  to  wait  until  you  see  how  these 
platforms  mature  and  prices  start  coming 
down  —  especially  when  you’re  rolling 
this  out  to  a  large  number  of  users.” 

Today  pricing  for  next-generation  wire¬ 
less  data  services  is  all  over  the  board, 
and  carriers  themselves  are  trying  to 
determine  what  will  work  best  for  busi¬ 
ness  users.  Pricing  ranges  from  about  $1 
to  about  $7  per  megabyte,  and  service  is 
being  offered  on  a  mix  of  next-generation 
technologies.  While  the  trend  is  to  sell 
data  services  by  the  megabyte,  per-minute 
plans  are  also  available. 

Patricia  Leebove,  director  of  e-business 
at  Invacare,  a  manufacturer  and  distribu¬ 
tor  of  home  medical  equipment  based 
in  Elyria,  Ohio,  says  today  the  benefits  of 
wireless  data  services  don’t  justify  the 
costs.  She  also  says  Invacare  s  sales  staff 
isn’t  ready  to  move  into  the  wireless 
data  world. 

“If  we  were  sure  the  salesforce  would 
use  the  equipment  and  could  pull  all  of 
them  into  training,  then  the  investment 
would  be  more  realistic,” she  says.“But  as 
it  is,  we  have  a  hard  time  getting  them  to 


More  online! 


Productivity,  efficiency  on  the  rise  as  wireless 
Web-access  early  adopters. 

DocFinder  9926 


use  the  Web  site  to  get  prices  or  check 
their  e-mail.  It’s  just  too  easy  to  call  sales 
support.” 

Wireless  at  a  ‘weird’  stage 

Wireless  data  services  are  “at  a  weird 
stage  right  now;”  says  Keith  Waryas,  re¬ 
search  manager  for  wireless  business 
network  services  at  IDC.The  market  is  in 
a  bit  of  flux  because  the  value  of  data 


■  BY  MICHAEL  MARTIN 

Cable  &  Wireless  is  getting  ready  to  exit 
the  domestic  voice,  frame  relay  and  ATM 
markets  but  hopes  to  minimize  customer 
inconvenience  by  selling  its  user  base  to 
other  service  providers. 

Most  of  the  customers  C&W  is  shopping 
around  are  small-  to  midsize  businesses, 
says  C&W  spokesman  Chad  Couser.  C&W 
will  continue  to  serve  large  business  cus¬ 
tomers  with  global  operations  who  have 
voice  and  data  needs  in  the  U.S. 

Some  customers  who  don’t  generate  a 


hasn’t  been  proven.  It’s  going  to  be  a  slow 
adoption  curve.” 

Not  that  businesses  aren’t  biting.  For 
example,  Edina  Realty  in  Edina,  Minn., 
has  teamed  with  Verizon  to  offer  its 
agents  a  mobile,  multiple  listing  service 
application  that  can  be  accessed  via 
Kyocera  SmartPhones. 

“The  opportunities  for  business  that 

See  Wireless,  page  40 


profit  for  C&W  won’t  be  included  in  the 
sale.  C&W  has  notified  those  customers 
that  they  will  have  until  the  late  summer 
or  early  fall  to  find  another  service 
provider. 

C&W  had  a  significant  number  of  voice, 
frame  and  ATM  customers  in  North  Amer¬ 
ica, says  Russ  McGuire, chief  strategy  officer 
for  telecom  consultancy  TeleChoice.  But 
C&W  never  approached  the  market  share 
of  providers  such  as  WorldCom,  AT&T  and 
Sprint,  he  says. 

“They  certainly  struggled  in  North 

See  C&W,  page  40 


C&W  hangs  up  on  its  voice, 
frame  and  ATM  customers 

Company  will  focus  on  hosting,  IP  and  CDN  services. 


Service  Providers 


www.nwfusion.com : 
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Analysts  at  my  company  recently  dis¬ 
cussed  the  common  mistakes  we 
see  clients  make.  I’ve  broken  down 
my  list  into  customer  and  supplier  errors. 
Today  we  look  at  the  IT  shops: 

1  Failure  to  acknowledge  your  organi¬ 
zation’s  values  and  assumptions.  For 
instance,  when  picking  a  supplier,  does 
your  organization  place  a  greater  em¬ 
phasis  on  price,  supplier  viability,  cus¬ 
tomer  service  and  support,  technology 
innovation  or  network  infrastructure? 
Each  organization  weighs  various  sup¬ 
plier  attributes  differently, and  consensus 
must  be  reached  before  issuing  a  re¬ 


Five  pitfalls  to  avoid  when  picking  a  supplier 


quest  for  proposal. 

Organizations  too  often  pick  suppliers 
without  evaluating  these  essential 
assumptions,  only  to  realize  there  is  a 
fundamental  disconnect  when  the  sup¬ 
plier  doesn’t  fulfill  critical  expectations. 
Understand  your  values  and  expecta¬ 
tions,  and  make  them  an  explicit  part  of 
the  requirements  process. 

2.  Many  customers  underestimate  the 
length  of  time,  devotion  to  detail,  and 
energy  needed  to  develop  a  good  RFP, 
select  vendors,  negotiate  contracts  cind 
transition  services.  It  takes  a  year.  Make  the 
effort  —  it’s  the  right  thing  for  your  com¬ 
pany,  it’s  great  experience,  and  you’ll  learn 
more  than  you  ever  thought  possible. 

3.  Many  customers  resist  undergoing 
the  pain  of  an  RFP,  or  try  to  short-circuit 
the  process  with  an  inadequate  set  of 
“requirements."  Yet  they  still  believe  they 
can  extract  the  best  deal  possible  from 
their  preferred  provider,  which  often  is 


the  current  one.  My  experience  says  oth¬ 
erwise:  Shortcutting  the  process  will 
undercut  your  company’s  ability  to  get 
the  best  deal  —  and  across  all  attributes, 
not  simply  price. 

4.  Many  customers  wrongly  assume  that 
new  technology  is  typically  cheaper  and 
as  reliable  as  old  technology,  or  that  it 
can  attain  these  attributes  quickly.  That 
isn’t  always  the  case.  Look  at  the  perfor¬ 
mance  of  frame  relay  compared  with  pri¬ 
vate  line  —  after  all  these  years,  generally 
speaking,  frame’s  service-level  agree¬ 
ments  often  lag.  Its  price  often  is  more 
attractive  than  private  line,  but  ultimately 
it  all  comes  down  to  a  customer’s  deal¬ 
making  abilities. 

5.  Finally,  many  customers  make  the  mis¬ 
take  of  assuming  that  remaining  within 
industry  spending  benchmarks  (or  even 
typical  IT  best  practices)  is  a  great  way  to 
ensure  that  your  IT  department  is  doing 
the  best  job  it  can  do  for  your  organization. 


No,  it  doesn’t.  It  does  not  automatically 
ensure  that  you  are  doing  anything  more 
than  being  “average." 

For  example,  a  company  that  is  upgrad¬ 
ing  many  systems  in  a  short  time  will 
spend  more  than  the  industry  average  in 
any  given  year,  but,  depending  on  its 
prior  condition,  it  could  be  reworking 
many  vital  processes  that  are  necessary 
to  help  ensure  the  organization’s  future 
success.  Please  don’t  take  this  as  an  auto¬ 
matic  justification  to  increase  your  bud¬ 
gets:  It’s  not. 

Where  does  the  organization  want  to 
go?  Where  can  it  realistically  go?  What 
can  IT  do  to  help?  These  are  the  basic 
questions  that  must  be  continually 
asked. 

Next  time,  common  supplier  mistakes. 

Pierce  is  a  research  fellow  at  Giga  Infor¬ 
mation  Group.  She  can  be  reached  at 
lpierce@gigaweb.  com. 
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America,"  he  says. 

One  reason  it  didn’t  succeed  in 
that  market  may  have  been  that 
WorldCom, Sprint  and  AT&T  have 
rich  service  portfolios  for  busi¬ 
ness  customers,  McGuire  says. 

“They  have  multiple  kinds  of 
[VPNs],”  he  says. “They  have  IP- 
enabled  frame,  frame  VPNs, 
frame  and  ATM  internetworking. 
C&W  had  some  of  that,  but  they 
didn’t  have  everything  the  others 
seemed  to  have.” 

C&W  isn’t  leaving  the  North 
American  market  altogether. The 
company  will  continue  to  offer 
hosting  and  IP  services. C&W  has 
boosted  both  these  business 
areas  through  acquisitions  over 
the  past  four  years. 

The  company’s  exit  from  the 
voice,  frame  and  ATM  markets 
came  as  little  surprise. Company 
officials  had  said  the  company 
might  be  leaving  those  busi¬ 
nesses  when  it  held  its  year-end 
review  for  2001.  The  provider 
will  continue  to  offer  interna¬ 
tional  voice  and  frame  services. 

While  C&W  didn’t  have  much 
success  in  these  markets,  Mc¬ 
Guire  says  he  thinks  the  compa¬ 
ny  may  be  successful  with  its 
hosting  operations. 

C&W  has  a  Tier  1  North  Ameri¬ 
can  IP  backbone  and  46  hosting 
centers  across  the  U.S.  and 
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What's  left  for  C&W 

With  Cable  &  Wireless 
abandoning  voice,  frame 
and  ATM,  its  remaining  U.S. 
operations  are  based  on 
three  acquisitions. 

•  MCI  Internet,  purchased 
in  1998  for  $1.7  billion, 
provides  a  strong  IP 
backbone. 

•  Digital  Island,  picked  up 
for  $340  million  in  May 
2001,  provides  a  foothold 
in  hosting. 

•  Exodus,  which  C&W 
acquired  a  majority  of  for 
$750  million  last  November, 
cemented  its  position  in 
the  hosting  market. 

worldwide.  The  provider  also 
operates  a  content  delivery  net¬ 
work  it  acquired  when  it  pur¬ 
chased  Digital  Island  last  year. 

“They’ve  picked  up  some  in¬ 
teresting  assets  and  have  some 
strong  customers,”  McGuire  says. 

“In  the  hosting  space,  it’s  not  so 
much  a  question  of  your  portfolio 
as  it  is  pricing  and  how  well  con¬ 
nected  your  network  is,”  he  says. 

C&W  also  is  in  an  enviable 
financial  position  when  com¬ 
pared  with  most  of  its  competi¬ 
tors  in  the  hosting  market.  While 
many  providers  are  struggling 
under  mountains  of  debt  with 
no  relief  in  sight,  C&W  has  al¬ 
most  $4  billion  in  the  bank. 

Some  of  C&W’s  money  is  going 
toward  building  a  private  inter¬ 
national  IP  network  that  the  com¬ 
pany  will  use  to  launch  IP  VPN 
services  for  enterprise  customers 
this  year.  ■ 


Wireless 
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wireless  affords  [the  agents]  — 
having  access  to  those  tools  in 
the  field  —  is  resulting  in  some 
quick  sales  and 
success  stories,” 
says  Diane 
Krob,  Edina 
Realty’s  vice 
president  of  IT. 

Nevertheless, 
many  compa¬ 
nies  are  still  de¬ 
bating  the  value 
of  wireless  ser¬ 
vices,  part  of  the 
reason  why  pricing  for  these  ser¬ 
vices  is  so  unstable. 

“Carriers  are  making  a  huge 
investment  in  adding  data  capa¬ 
bility  to  their  networks.  And  some 
of  them  believe  that  users  will 
pay  a  premium  for  data,  and  I 
think  that’s  dead  wrong,”  says 
wireless  industry  analyst  Andrew 
Seybold,  of  Andrew  Seybold 
Group.  “There’s  this  discrepancy 
between  what  the  corporate  user 
thinks  data  is  worth  and  what  the 
wireless  networks  think  they  can 
get  for  data.” 

Where's  the  coverage 

Another  issue  for  business 
users  is  coverage.  A  CIO  of  a 
multinational  corporation,  who 
asked  not  to  be  named, says  he  is 
holding  off  on  investing  in  any 
3G  services. 

“We’re  just  not  quite  there  yet, 
and  I  don’t  think  the  technology 
is  there  yet,  either^  he  says.  “As 
CIO,  my  first  thought  is,  ‘Is  the 
speed  and  coverage  there?’  And 
my  first  answer  is  ‘No.’" 

He  predicts  his  firm  will  even¬ 


tually  make  use  of  wireless  data 
services,  but  estimates  the  price 
he’s  willing  to  pay  will  top  off  at 
about  $50  per  user.  That’s  in  line 
with  what  Seybold  uncovered  in 
a  survey  of  IT  managers  about  six 


months  ago. 

“We  determined  the  threshold 
of  pain  for  corporations’  wireless 
data  is  a  fixed  fee  of  about  $50  a 
month,”  Seybold  says. 

That  puts  Verizon’s  $100  per 
month  flat-rate  pricing  plan, 
which  it  unveiled  in  May,  over 
the  top.  Still,  analysts  agree  that 
Verizon  is  on  the  right  track  by 
offering  a  flat  rate  to  corpora¬ 
tions.  Analysts  say  business  users 
also  should  keep  an  eye  on 
Sprint,  which  plans  to  roll  out  its 
3G  services  nationwide  later  this 
summer. 

Sprint  bases  its  network  on  a 
Code  Division  Multiple  Access 
technology  called  lxRTT  [or 
CDMA  2000],  which  today  has 
average  speeds  between  40K 
and  60K  bit/sec,  and  can  sup¬ 
port  bursts  up  to  144K  bit/sec 
—  the  same  technology  Ver¬ 
izon  uses. 

The  difference  is  Sprint  will 
launch  its  service  with  100%  net¬ 
work  coverage. Verizon  launched 
its  3G  service  with  about  20% 
coverage  in  January,  although 


the  “vast  majority”  of  its  network 
is  now  3G-enabled. 

“We’re  just  filling  in  holes  now;” 
a  spokesman  says. 

Another  difference  between 
Sprint  and  the  other  carriers  is 
that  it  has  had  to 
invest  less  money 
to  upgrade  its  net¬ 
work,  so  it  may  be 
able  to  offer  the 
data  services  at  a 
better  price.  Up¬ 
grades  to  Sprint’s 
existing  CDMA  net¬ 
work  cost  about 
$800  million,  ac¬ 
cording  to  a  Sprint 

spokesman. 

“If  you  look  at  AT&T  and  Cing- 
ular,  they’re  spending  [about] 
$3  billion  for  their  upgrades,” 
Seybold  says.  “So  Sprint  has  the 
advantage  of  not  having  to 
spend  as  much  money  for  up¬ 
grades  and  coming  to  the  mar¬ 
ket  last.” 

Sitting  it  out 

Still,  the  best  thing  for  business 
users  to  do  is  watch  and  wait. 

“This  is  the  year  to  make  the 
plan,"  says  Gartner’s  Redman. 
“What  are  the  key  areas  you  need 
to  mobilize  and  get  wireless  en¬ 
ablement?  What  are  the  key 
devices  that  you  need?  Put 
together  the  solution  and  start 
piloting. 

“As  these  things  mature  over  the 
next  18  months, you’ll  be  ready  to 
roll  out  the  services  that  are 
going  to  drive  your  revenue, 
make  you  more  competitive,  gain 
efficiencies  and  decrease  cost," 
he  says.“All  these  things  that  wire¬ 
less  technology  can  really  do.  But 
you  have  to  be  smart  about  it  "■ 


II  We've  determined  the  threshold  of  pain 
for  corporations'  wireless  data  is  a  fixed 
fee  of  about  $50  a  month.  11 

Andrew  Seybold 

Analyst,  Andrew  Seybold  Group 
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8VICE  PROVIDER  DEVELOPMENTS 
AT  THE  JUNCTURE  BETWEEN  THE  ENTERPRISE 
AND  THE  NEW  PUBLIC  NETWORK 


Switch  vendors  say  RFPs  light  on  MPLS 

Multiservice  carriers  showing  interest,  but  demand  is  for  more  ATM. 


■  BY  JIM  DUFFY 

Perhaps  not  surprisingly,  vendors  of  Layer 
2  ATM  switches  say  carrier  request  for 
proposals  show  more  interest  in  Multi¬ 
protocol  Label  Switching  than  demand. 

Among  incumbent  local  exchange  carri¬ 
ers  (1LEC)  and  regional  Bell  operating 
companies,  which  have  separate  ATM, TDM 
and  IP  backbones,  MPLS  deployment  is  still 
likely  two  to  three  years  off,  vendors  say  The 
technology  is  sought-after  to  consolidate 
those  three  separate  networks  and  support 
multiple  services  —  voice,  data  and  video. 

Yet  concerns  over  capital  and  opera¬ 
tional  expenditures,  the  immaturity  of 


■  Ciena  and  ONI  Systems  last  week 
announced  that  shareholders  of  both 
companies  have  approved  their  pro¬ 
posed  merger.  Ciena  had  announced 
its  intention  to  acquire  ONI  in  Feb¬ 
ruary.  The  companies  also  announced 
they  have  reduced  their  combined 
workforce  by  approximately  225 
employees.  Another  approximately 
110  employees  will  leave  within  the 
next  three  months  after  assisting 
with  the  integration  transition.  Ciena 
says  it  expects  that  as  a  result  of 
these  and  other  cost-cutting  mea¬ 
sures,  it  will  reduce  annual  operating 
costs  by  up  to  $65  million. 

■  Tahoe  Networks  last  week  an 
nounced  a  partnership  with  opera¬ 
tions  support  system  mediation  soft¬ 
ware  vendor  Narus.  The  two  compa¬ 
nies  plan  to  support  Tahoe's  service 
and  accounting  data  in  Narus’  soft¬ 
ware,  which  will  converge  it  with 
other  network  voice  and  IP  informa¬ 
tion  and  generate  events  that  drive 
billing  and  other  OSS  applications. 
This  capability  will  enable  the  rollout 
of  content- based  and  prepaid  ser¬ 
vices,  such  as  location-based  ser¬ 
vices,  Multimedia  Messaging  and 
other  mobile  Internet  services,  the 
companies  say. 


MPLS,  and  the  familiarity  and  revenue-pro¬ 
ducing  reliability  of  current  infrastructures 
tempers  the  urgency  of  implementation. 

Meanwhile,  ISPs  are  more  bullish  on 
MPLS  because  they  have  a  single  IP  back¬ 
bone  that  can  benefit  readily  from  the  traf¬ 
fic  engineering  aspects  of  the  technology 
and  as  an  enabler  of  IP  VPN  services  — 
they  don’t  face  the  multiservice  support  re¬ 
quirements  of  their  ATM  counterparts.  With 
little  or  no  investment  in  ATM  or  TDM,  ISPs 
can  be  a  bit  more  liberal  in  injecting  their 
networks  with  MPLS,  vendors  say 

“The  timeline  for  MPLS  as  a  hard  capital 
budget  requirement  is  moving  out”  among 
incumbent  carriers,  says  Dennis  Rainville, 
CEO  of  multiservice  switch  start-up  Equipe 
Communications. 

“ISPs  want  MPLS  for  traffic  engineering 
and  VPNs,  but  ILECs  have  completely  dif¬ 
ferent  requirements.  They  have  ATM  and 
frame  relay  to  bring  along,”  he  adds. 

Core  data  switching  request  for  proposals 
from  incumbents  seek  increased  band¬ 
width,  ATM  virtual  circuit  density  and  DSL 
aggregation,  incremental  ATM  and  frame 
relay  service  differentiation,  voice  trans¬ 
port,  and  2.5G  and  3G  wireless  support, 
Rainville  says.  Multiple  RFPs  have  specified 
faster  ATM  call  processing,  scalability  on 
the  order  of  1  million  or  more  virtual  cir¬ 
cuits  and  10G  bit/sec  OC-192c  ATM  inter¬ 
faces  for  short-term  production  deploy¬ 
ment,  he  says. 

Meanwhile,  MPLS  is  requested  for  trial 
purposes,  with  initial  deployments  not  ex¬ 
pected  until  2004  or  2005,  he  says. 

“Next  year,  there  will  probably  be  a  lot  of 
[MPLS]  trials,”  Rainville  says.  “The  seven 
[largest  incumbent  carriers]  are  only  dab¬ 
bling  right  now.  In  2004, 2005,  it  will  ramp 
up, and  then  there  will  be  a  seven-year  bell 
curve  behind  that.” 

According  to  an  “unofficial"  tally  on  the 
Web  site  of  Cellstream,  a  telecom  consul¬ 
tancy,  76  service  providers  worldwide  are 
deploying  MPLS.  The  list  includes  AT&T, 
Sprint  and  WorldCom,  and  only  one  RBOC 
—  Qwest. 

Carriers  are  evaluating  MPLS  as  a  method 
for  consolidating  ATM  and  IP  networks,  and 
for  “future-proofing”  current  investments  in 
ATM  switches,  according  to  Alcatel.  But  two 
key  issues  remain  before  MPLS  is  widely 
deployed:  the  common  refrain  of  reliability 
and  the  potential  to  use  MPLS  for  more 
than  traffic  engineering  and  VPNs. 

“Can  we  use  it  as  a  service?”  asks  Jim 
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Worldwide  revenues  for  WAN  switches 
and  core  routers  are  estimated  to 
accelerate  over  the  next  few  years. 
MPLS  is  expected  to  be  a  key 
ingredient  of  these  sales. 
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Guillet, assistant  vice  president  for  product 
marketing  in  the  Edge  Data  Networks 
group  of  Alcatel’s  Carrier  Internetworking 
Division. 

“It’s  now  an  issue  of  what  is  the  motivator 
to  evolve.  There  are  some  issues  as  to 
whether  IP  and  MPLS  are  ready  for  busi¬ 
ness-critical  services.To  make  IP  the  prima¬ 
ry  communications  medium,  you’ve  got  to 
make  it  reliable,”  he  says. 

Edge  switch  maker  WaveSmith  Networks 
agrees  on  both  counts. 

“MPLS  services,  apart  from  VPNs,  are  a 
ways  off,”  says  Chad  Dunn,  WaveSmith’s 
director  of  product  management.  “Trans¬ 
parent  LAN  services  are  happening  but 
end-to-end  MPLS  is  still  a  ways  off.” 

In  an  effort  to  prove  that  MPLS  is  stable 
enough  to  support  services  and  generate 
revenue,  the  MPLS  Forum  sponsored  the 
largest  interoperability  demonstration  of 
the  technology  at  the  recent  SuperComm 
trade  show.  Twenty-one  vendors  and  27 
pieces  of  equipment  displayed  traffic 
engineering  using  explicit  routes,  Layer  3 
MPLS  VPN  tunnels  and  Ethernet-over- 
MPLS  tunnels. 

Stability  and  service  revenue  issues  aside, 
MPLS  probably  would  be  implemented 
more  widely  now  were  it  not  for  the  tele¬ 
com  bubble  bursting  in  early  2000.  But 
burst  it  has,  so  carrier  requirements  now 
are  back  to  areas  where  they  know  they 
can  make  money, according  to  Nortel. 

“Eighteen  months  ago,  people  were 
pushing  harder  on  MPLS, ’’says  Errol  Binda, 
senior  manager  for  product  marketing  at 
Nortel.  “The  realities  of  the  industry  are 
sticking  to  what’s  proven.  People  are  still 


asking  for  MPLS  as  an  end  game,  but  it’s  not 
as  critical.” 

People  would  be  asking  for  it  a  lot  more 
fervently  if  vendors  offered  the  right  solu¬ 
tions,  says  Sarbpreet  Singh,  vice  president 
of  product  and  program  management  in 
Lucent’s  Internetworking  Systems  group. 
Naturally  that’s  where  Lucent  thinks  it  has 
the  others  licked,  Singh  says. 

Lucent  boasts  an  ATM/MPLS  control 
plane  breakthrough  with  itsTMX  880  MPLS 
core  switch,  which  will  be  available  in 
September. The  switch’s  Fluid  Signaling  fea¬ 
ture  maps  ATM  virtual  circuits  to  MPLS 
label-switched  paths,  and  proxies  ATM 
operations,  administration,  maintenance 
and  provisioning  flows  through  the  MPLS 
domain  to  maintain  service  monitoring 
and  integrity. 

Lucent  doesn’t  hold  the  same  cautious 
rollout  schedule  as  the  rest  of  the  MPLS 
market. 

“We  are  actually  accelerating  the 
[MPLS]  market,”  Singh  says.  “In  2003,  you 
will  start  seeing  deployments.  If  RFPs 
called  for  MPLS  in  2004,  they  wouldn’t  be 
issued  at  this  time.  And  if  we  didn’t  have 
this  capability  deployments  would  be  in 
2004  or  2005.” 

Marconi  says  it  thinks  2003  will  be  the 
year  of  MPLS  early  adopters  among  the 
incumbents. 

The  company’s  been  invited  to  propose 
its  BXR48000  core  switch  in  ATM  and 
IP/MPLS  bids,  70%  of  which  have  called 
for  a  packet  switched  multiservice  core. 

“There’s  been  a  lot  of  investment  in 
MPLS  capabilities  but  service  providers 
are  still  being  a  little  guarded,”  says  Harry 
Ostaffe,  director  of  product  line  marketing 
for  broadband  routing  and  switching  at 
Marconi. 

“They  want  to  make  sure  it’s  fully  baked 
and  fully  interoperable,” he  adds.® 
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See  how  MPLS  could  lead  to  less-expensive,  faster 
WAN  connections. 
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responsible  for,  so  that  you  can  make  smarter  decisions  today  Tivoli.  Part  of  our  winning  software  team, 
along  with  DB2*  Lotus*  and  WebSphere*  To  find  out  more  view  our  Webcast  at  ibm.com/tivoli/smarter 
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(e) [business  is  the  game.  Play  to  win. 


Tripwire  is  The  Data  Integrity  Assurance  Company 


Tripwire®  establishes  a  baseline  of  data  in  its  known 
good  state,  monitors  and  reports  any  changes  to 
that  baseline,  and  enables  rapid  discovery  and 
recovery  when  an  undesired  change  occurs. 

Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

■  Instant  assessment  of  system  state,  reporting 
"integrity  drifts” 


Your  firewalls  and  intrusion  detection  tools  alone 
are  not  enough  to  keep  systems  trustworthy. 
Tripwire’s  data  integrity  assurance  products  are  the 
only  way  to  know  with  100%  confidence  that  your 
data  remains  uncompromised.  For  nearly  10  years 
Tripwire  has  been  helping  IT  professionals  know 
exactly  what’s  changed  on  their  systems,  and 
helping  them  to  recover  quickly. 


Maximize  System  Uptime 

■  Eliminate  risk  and  uncertainty 

■  Enable  quick  restoration  to  a  desired  state 

Increase  Control  and  Stability 

■  Ongoing  monitoring  and  reporting 

Lower  Costs 

■  Find  and  fix  problems  quickly  and  precisely  - 
no  more  guess  work 


For  a  FREE  30-day  fully-functional 

eval,  call  toll-free:  1.800.TRIPWIRE  (874.7947)  or 

visit  http://networld.tripwire.com  today! 
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SHAPING  YOUR  NETWORK 


1 0  Gig  to  push  Ethernet  beyond  the  LAN 


■  BY  CHANDRA  KOPPARAPU 

The  new  IEEE  802.3ae  10  Gigabit  Ether¬ 
net  standard  represents  a  significant  mile¬ 
stone  in  the  evolution  of  Ethernet  technol¬ 
ogy  and  provides  a  tenfold  performance 
increase  over  1  Gigabit  Ethernet.  While 
Ethernet  has  been  dominant  in  the  LAN, 
the  advent  of  10G  Ethernet  promises  to  dra¬ 
matically  expand  the  applications  for 
Ethernet  beyond  LANs  into  metropolitan- 
area  networks  and  WANs. 

The  new  10G  Ethernet  preserves  the  cur¬ 
rent  Ethernet  semantics,  including  mini¬ 
mum  and  maximum  frame  size,  and  frame 
format.  Unlike  1  Gigabit  Ethernet,  however, 
10G  Ethernet  supports  full-duplex  transmis¬ 
sions  only  and  works  only  with  optical 
media.  Gigabit  Ethernet  also  works  over 
copper  medium. The  802.3ae  specification 
defines  two  sets  of  physical  interfaces  for 
10G  Ethernet  called  the  LAN  and  WAN 
physical  interfaces.  Some  of  the  most  im¬ 
portant  LAN  physical  interfaces  are: 

•  lOGbase-SR  —  850  nm  serial  interface 
with  a  range  of  990  feet  over  multimode 
fiber. 

•  lOGbase-LR —  1,310  nm  serial  interface 
with  a  range  of  a  little  more  than  6  miles 
over  single-mode  fiber. 

•  lOGbase-ER  —  1,550  nm  serial  inter- 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
have  one  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinberg@nww.com). 


■  how  it  works  1 0®  Ethernet 

10G  Ethernet  will  provide  additional  backbone  bandwidth 
to  corporate  LANs. 


Workgroup 


LAN  backbone 


Data  center 
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switch 
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switch 
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In  this  scenario,  end-user  PCs 
are  connected  to  a  workgroup 
switch  at  100M  bit/sec. 


The  workgroup  aggregation 
switch  connects  to  the  LAN 
backbone  at  1G  bit/sec. 


LAN  backbone 
switches  connect 
at  10G  bit/sec. 


10G  switches  in  the  data 
center  connect  to  the  LAN 
backbone  at  10G  bit/sec. 


face  with  a  range  of  just  less  than  25  miles 
over  single-mode  fiber. 

The  802.3ae  specification  also  includes 
a  WAN  PHY  definition  that  operates  at  a 
data  rate  compatible  with  a  payload  of 
OC-192  SONET.This  interface  provides  the 
same  distance  ranges  as  the  LAN  inter¬ 
faces,  but  allows  transport  of  Ethernet 
data  using  SONET  infrastructure  for  Layer 
1  transport. 

Using  the  10G  Ethernet  WAN  PHY  lets 
service  providers  use  existing  SONET 
add/drop  multiplexers  or  repeaters  to 
transport  Ethernet  traffic.  But  the  10G 
Ethernet  WAN  PHY  avoids  the  costly 
aspects  of  the  traditional  OC-192  SONET, 
such  as  stringent  grid  laser  specifications, 


jitter  requirements  and  stratum  clocking. 

All  the  existing  Ethernet  standards,  such 
as802.1Q  for  virtual  LANs, 802. Ip  for  traffic 
prioritization  and  802.3ad  for  link  aggrega¬ 
tion,  also  apply  to  10G  Ethernet.This  makes 
the  deployment  of  10G  Ethernet  simply  a 
plug-and-play  situation  for  most  corpora¬ 
tions  and  service  providers  with  Ethernet 
networks. 

10G  Ethernet  applications 

In  LANs,  where  Ethernet  is  dominant,  the 
most  immediate  application  for  10G  Ether¬ 
net  is  in  the  LAN  backbone.  With  100M 
bit/sec  Ethernet  to  each  desktop  and 
Gigabit  Ethernet  connecting  the  wiring 
closet  switches  to  the  backbone  switches, 


10G  Ethernet  provides  a  scalable  connec¬ 
tion  between  LAN  backbone  switches. 
With  processor  speeds  now  reaching  2 
GHz  and  beyond,  coupled  with  the  rapid 
price  decline  in  Gigabit  Ethernet  network 
interface  cards,  which  are  now  in  the  $100 
range,  most  servers  come  standard  with 
Gigabit  Ethernet  network  interface  cards. 
10G  Ethernet  provides  a  scalable  uplink 
from  the  switches  that  connect  server 
farms  with  Gigabit  Ethernet  fiber  or  copper 
interfaces  to  the  LAN  backbone. 

In  MANs,  many  service  providers  are 
looking  to  take  advantage  of  the  price/ 
performance  of  Ethernet  to  provide  cost- 
effective,  scalable  broadband  Ethernet 
services. 

The  lOGbase-LR  and  lOGbase-ER  inter¬ 
faces  are  cost-effective  10G  bit/sec 
options  for  building  ring  or  mesh  topolo¬ 
gies  in  MANs.  By  coupling  with  802.3ad- 
based  link  aggregation,  metropolitan  ser¬ 
vice  providers  get  an  aggregate  band¬ 
width  of  up  to  40G  bit/sec  between  two 
metropolitan  routers. 

For  WAN  applications,  the  10G  Ethernet 
WAN  PHY  lets  service  providers  protect 
and  use  existing  SONET  infrastructure, 
such  as  SONET  add/drop  multiplexers  and 
repeaters.  Because  the  10G  Ethernet  WAN 
PHY  avoids  many  of  the  costly  attributes  of 
SONET,  it  offers  a  compelling  alternative  to 
traditional  OC-192c  SONET  interfaces  with 
better  price/performance. 

The  10G  Ethernet  standard  was  approved 
two  weeks  ago,  which  paves  the  way  for 
vendors  to  begin  shipping  standards-com- 
pliant  products. 

Kopparapu  is  the  director  of  product  mar¬ 
keting  at  Foundry  Networks.  He  can  be 
reached  at  chandra@foundrynet.com. 


Dr.  Internet  By  Steve  Blass 

Our  switched  network  consists  of  3Com  CoreBuilder  9000  core  devices  and 
3Com  SuperStack  II  3300  edge  devices.  The  network  is  monitored  with  Big 
Brother.  We  sometimes  get  the  notification  from  Big  Brother  that  says 
“SKOO.telnet  red  Sam  June  15  01:09:33  CEST  2002  SERVER  -  telnet  DOWN." 
When  we  connect  via  telnet  at  the  switch,  it  seems  that  the  switch  has 
rebooted  or  reset  itself.  We  can  see  it  on  the  uptime  of  the  switch,  but 
there  are  no  user  trouble  calls.  It  seems  that  the  switch  is  still  switching, 
but  the  command-line  interface  (such  as  telnet),  does  something  else. 

CoreBuilder  9000  uses  separate  channels  for  management  traffic  and  net¬ 


work  traffic.  Telnet  connections  are  management  traffic  and  are  handled  by 
the  Enterprise  Management  Engine  module  in  the  switch.  It  is  possible  that 
the  backplane  continues  to  switch  while  the  management  module  resets. 
This  would  minimize  the  amount  of  time  that  users  behind  the  switch  could 
experience  trouble.  Look  at  related  network  traffic  logs  near  the  time(s) 
that  your  switch  resets  to  see  if  there  might  be  evidence  of  why  the  switch 
(or  just  the  management  module)  is  going  down  in  the  first  place. 

Blass  is  a  network  architect  at  Change@Work  in  Houston.  He  can  be 
reached  at  dr.internet(a)changeatwork.com. 
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Last  week  in  our  riveting  exposition  of 
syslog  tools  we  discussed  the  excel¬ 
lent  Kiwi  Syslog  Message  Generator. 
From  the  same  stable  comes  an  equally 
excellent  syslog  server,  Kiwi  Syslog 
Daemon  (www.nwfusion.com,  Doc- 
Finder:  9933). This  is  a  terrific  syslog  mon¬ 
itoring  tool,  perhaps  the  best  we’ve  seen 
so  far! 

The  daemon  features  a  grid  display  of 
syslog  messages  received.  It  has  10  “virtu¬ 
al"  display  screens,  and  you  can  create 
rules  to  send  selected  messages  to  a  spe¬ 
cific  screen.  This  is  a  neat  idea,  as  it  pro¬ 
vides  an  instant  filtering  capability.  For 
example, you  might  show  only  emergency 
errors  on  the  default  page  and  notices 
and  alerts  on  the  next  page. 

The  way  you  control  how,  where  and 
which  messages  are  handled  is  through 
rules. You  can  define  up  to  100  rules,  and 
each  rule  can  include  up  to  100  filters  and 
100  actions. 

Filters  specify  which  message  attributes 


Down  under  syslog 


and  values  are  to  be  handled.  For  exam¬ 
ple,  if  the  priority  field  concerns  a  mail 
service  notification  that  is  received  during 
working  hours  and  it  is  from  a  device 
within  a  specific  IP  address  range,  then 
the  actions  associated  with  the  rule  can 
be  performed. 

The  daemon’s  actions  can  sound  audio 
alarms,  send  e-mail  messages,  forward  sys¬ 
log  messages  to  another  host,  log  the  mes¬ 
sages  to  a  specific  log  file,  run  an  external 
program,  send  a  completely  new  syslog 
message  to  another  host.log  the  messages 
to  an  Open  Database  Connectivity  data¬ 
base  or  a  Windows  NT  event  log,  or  send 
an  SNMP  trap.  There  also  are  tests  that 
generate  e-mail  notifications  if  disk  space 
is  running  low. 

The  daemon  can  receive  syslog  mes¬ 
sages  over  User  Datagram  Protocol  (UDP) 
and  TCP  simultaneously,  along  with  field 
SNMP  traps.  Using  rules,  you  can  convert 
SNMP  traps  to  syslog  messages  and  vice 
versa,  or  rewrite  syslog  and  SNMP  mes¬ 
sages  and  forward  them. 

If  you  goof,  as  we  did,  you  can  create  a 
rule  that  takes  SNMP  traps  and  resends 
them.  If  you  broadcast  the  trap  rather  than 
sending  it  to  a  specific  host,  the  daemon 
will  receive  the  trap  again  and  resend  it. 
This  scenario  created  an  endless  loop 
which,  much  to  our  pleasure,  the  daemon 


handled  without  dying. 

Things  slowed  down  when  we  switched 
on  DNS  resolution  to  replace  the  host  and 
destination  IP  addresses 
with  names  —  this  can 
introduce  significant 
delays  in  updating  the 
display. 

The  daemon  can  run 
as  a  regular  application 
under  all  versions  of  Win-  ” 

dows  or  as  a  service  un¬ 
der  NT  and  2000  (there 
are  separate  installers  for  each  version). 

There  is  so  much  to  this  product  it  is 
staggering,  but  we  want  to  mention  just 
three  final  features:  First,  archiving  —  the 
daemon  can  automatically  create  sepa¬ 
rate  log  files  hourly,  daily  weekly  monthly 
or  on  a  custom  schedule.  Archives  also 
can  be  split  by  priority,  host  name,  host  IP 
address,  domain  name  and  tags  in  the 
message  text.  Next,  log  file  format  —  you 
can  specify  the  order  and  format  of  syslog 
messages  when  they  are  written  to  a  log 
file.  Third,  you  can  skin  the  daemon!  You 
can  make  it  look  like  whatever  pleases 
you. 

If  you  choose  not  to  pay  the  reasonable 
price  of  $70,  the  software  will  run  in  “free¬ 
ware  mode”  —  basically  a  subset  of  the 
functionality  (see  www.nwfusion.com, 


DocFinder:  9934  for  a  list  of  the  free  fea¬ 
tures  and  www.nwfusion.com,  DocFinder: 
9935  for  the  full  product).  Kiwi  Syslog  Dae¬ 
mon  is  outstanding 
and  we  award  it  10 
gearteeth  out  of  10! 

in  the  course  of  test¬ 
ing  the  daemon,  we 
used  a  number  of  tools 
we  highly  recommend: 
the  Kiwi  Logfile  viewer, 
a  Windows  9X,  NT/2000 
and  ME  application 
that  displays  tab-delimited  log  files  creat¬ 
ed  by  the  daemon  (and  any  other  appli¬ 
cation).  This  freeware  supports  filtering 
and  exporting  to  HTML  format.  We  also 
used  SNMPtrap,  freeware  from  BTT  Soft¬ 
ware,  a  small,  effective  SNMP  trap  logger. 

Following  up  on  another  excellent 
product,  AmphetaDesk,  which  we  re¬ 
viewed  a  few  weeks  ago  (see  www.nw 
fusion.com,  DocFinder:  9936),  Version 
0.93  has  been  released  (see  www.nwfu 
sion.com,  DocFinder:  9937).  Ampheta 
Desk’s  performance  has  improved  and 
the  templating  system  has  been  re-engi- 
neered  so  that  custom  layouts  can  be 
even  more  sophisticated. 

Recommendations  to  gearhead@gibbs 
.com. 


GEARHEAD  Kiwi  Enterprises 
RATING  Kiwi  Syslog 

Daemon 
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Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


In  this  case,  the  saying  “the  third  time’s  a  charm”  is  true: 
Kyocera  Wireless  has  a  charmer  on  its  hands.The  com¬ 
pany  plans  to  announce  today  at  the  TechXNY  show 
(formerly  PC  Expo)  its  new  7135  smartphone,  the  succes¬ 
sor  to  its  6035  smartphone  that  combined  a  Palm  OS  with 
a  mobile  phone. 

The  latest  model  improves  on  some  of  the  shortcomings 
of  the  Smartphone,  mainly  by  reducing  the  size  and 
weight  of  the  device  and  adding  a  color  screen.  Kyocera 
considers  last  year’s  Smartphone  a  second-generation 
product,  because  it  was  the  successor  to  the  pdQ 
Smartphone  that  Qualcomm  launched  several  years  ago. 
(Kyocera  Wireless  purchased  Qualcomm’s  phone  busi¬ 
ness  in  2000). 

The  7135  smartphone  runs  on  the  new  Code  Division 
Multiple  Access  2000  lxRTT  networks  (available  from 
Verizon  Wireless  and  due  to  launch  from  Sprint  PCS 
this  summer),  which  will  let  you  download  data  from 
the  Internet  at  speeds  up  to  153K  bit/sec.  This  will  be 
among  the  first  group  of  phones  (in  the  U.S.)  that  let 
you  connect  to  the  IX  network’s  higher  speeds  directly 
from  the  phone.  Earlier  phones  could  connect  to  the 
network,  but  higher  data  speeds  were  only  available  via 
a  laptop/phone  connection.  The  7135  also  contains  a 
lull  i  iTML  Web  browser  with  encryption  capabilities 
thai  aims  to  provide  a  true  Web  surfing  experience,  as 
opposed  to  browsing  via  Wireless  Application 
Protocol. 


Kyocera  adds  color  to  its  smartphone 


Instead  of  the  keyboard  hinge  on  the  bottom, 
Kyocera  has  moved  it  to  the  top  for  a  more 
traditional  clamshell  design.  This  helps 
reduce  the  length  of  the  phone,  while 
keeping  the  same  screen  dimensions. The 
7135  also  weighs  a  bit  less  (6.6  ounces  vs. 
7.34  ounces  for  the  6035). 

Adding  the  color  screen  will  likely  eat 
up  some  battery  life.  Kyocera  Wireless 
says  the  new  phone  has  a  little  more 
than  three  hours  of  talk-time  life,  and 
up  to  123  hours  of  standby  time.  This 
compares  with  up  to  five  hours  of  talk 
time  and  up  to  180  hours  of 
standby  time  for  the  earlier 
models.  Still,  the  company 
says  the  battery  life  com¬ 
pares  well  with  other  color 
screen  smartphone  models. 
Finally,  for  e-mail,  the  device 
includes  the  Eudora  Mail 
client.  Kyocera  says  the  phone 
will  be  able  to  connect  to  corpo¬ 
rate  e-mail  and  have  e-mail  pushed 
to  the  phone  in  a  similar  manner  to 
Research  In  Motion’s  BlackBerry 
devices. 

The  phone  is  expected  to  launch  by 
the  fourth  quarter  of  this  year,  Kyocera  offi¬ 
cials  say.  Pricing  will  be  set  by  the  carriers, 
but  should  be  between  $500  and  $600,  plus 
monthly  service  fees. 


The  7135  can  display  more 
than  65,000  high-resolution  col¬ 
ors,  and  Kyocera  Wireless 
claims  the  screen  will  provide 
bright  colors  and  easy  visibility 
in  many  different  lighting  condi¬ 
tions.  A  criticism  of  some  other 
color  smartphone  models  has  been 
the  difficulty  of  seeing  their  screens 
in  bright  sunlight,  for  example. 

The  phone  runs  Palm  OS  Version 
4.1,  has  16M  bytes  of  on-board  RAM 
and  an  expansion  card  slot  compatible 
with  MultiMedia  Card  and  Secure 
Digital  formats.  Other  features  include  a 
hands-free  loudspeaker,  voice-activated 
dialing,  voice  memo,  Global  Positioning 
System  locator  technology  (once  the  car¬ 
riers  begin  supporting  GPS  technology 
in  their  networks), a  vibrating  alert  and 
two-way  Short  Message  Service  func¬ 
tionality  The  7135  also  can  be  con¬ 
nected  to  a  computer  as  a  wireless 
fax  and  modem.To  appeal  to  con¬ 
sumers,  Kyocera  Wireless  has 
added  an  MP3  player  to  the 
phone,  and  it  includes  a 
stereo  headset  jack. 

The  dimensions  of  the 
7135  differ  slightly  from 
the  original  smartphone. 


Kyocera  has  gone  to  a  clamshell 
design  to  make  its  smartphone 
smaller  than  before. 


Shaw  can  be  reached  at  kshaw@  nww.com. 
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SANavigator 
Does  Both 
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sanavigator.com/seeit/net5 
for  a  FREE  SANavigator  demo  CD. 


Today’s  complex  storage  networks  are  not  easy 
to  manage.  Even  on  a  good  day,  maintaining  and 
troubleshooting  SANs  comprised  of  multiple 
technologies,  vendors  and  devices  can  be  a 
navigational  nightmare.  Especially  if  you  can’t 
see  what  you’re  doing. 


SANavigator  makes  SAN  management  easy.  The 
powerful  discovery  tool  automatically  identifies 
all  SAN  components,  regardless  of  vendor  or 
protocol,  and  presents  you  with  a  clear,  detailed 
map.  From  a  single  console,  SANavigator  discov¬ 
ers,  plans,  configures  and  monitors  your  entire 
storage  network. 


SA 


Intuitive  visual  maps  facilitate 
SAN  planning  and  management. 


Visit  us  at 


What’s  more,  SANavigator  leverages  your  existing 
resources  to  reduce  hardware  and  personnel 
costs.  Real-time  performance  monitoring  tools 
boost  your  SAN’s  efficiency,  and  advanced 
planning  tools  reduce  the  risk  of  investing  in 

new  technologies. 


a  «  ft  a  V... 


Take  a  good  look 
at  your  storage 
network. 

Then  chart  your 
course  with 


SANavigator. 
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John  Dix 

The  sun  sets 
on  the  telecom 
cowboys 

Qwest  CEO  Joseph  Nacchio  rode  off  into  the  sunset 
last  week  to  join  fellow  telecom  cowboys  Bernard 
Ebbers  of  WorldCom  and  C.  Michael  Armstrong 
trom  AT&T  (Armstrong  isn’t  officially  gone  yet  but  has 
made  his  intentions  clear). 

All  three  men  are  stepping  out  at  a  time  of  unprece¬ 
dented  industry  turmoil,  leaving  behind  troubled  compa¬ 
nies,  some  of  them  on  the  edge  of  collapse. Their  lega¬ 
cies,  in  a  nutshell: 

•  Nacchio  went  from  champ  to  chump,  climbed  his 
way  back  up  to  champ,  then  slid  back  down  and  out. 
He  was  lured  from  AT&T  to  run  the  fiber  upstart  and 
made  Qwest  into  an  industry  and  Wall  Street  darling. 
Then  he  was  widely  maligned  for  marrying  the  com¬ 
pany  to  stodgy  old  US  West.  A  year  later  that  deal 
looked  brilliant  because  it  brought  in  a  steady  stream 
of  cash  and  gave  him  a  large  customer  base.  Now  the 
company  he  leaves  is  saddled  with  $26  billion  in  debt 
and  is  looking  to  sell  off  profitable  businesses  to  lessen 
the  load. 

•  Ebbers  built  an  empire  through  acquisition.  He  was 
an  early  investor  in  discount  long-hauler  LDDS,  became 
CEO  in  1985,  and  in  the  early  1990s  started  building  what 
would  become  WorldCom  by  buying  other  companies: 
WilTel  for  $2.5  billion,  MFS/UUNET  for  $12  billion  and 
MCI  for  $40  billion.  His  legacy  is  a  mountain  of  debt  — 
some  $30  billion  —  and  the  fact  that  he  was  more  inter¬ 
ested  in  the  deal  than  the  results  of  the  deal;  he  never 
properly  integrated  the  assets  he  acquired. 

•  Armstrong  will  be  best  remembered  for  his  failed 
$100  billion  bet  on  cable  TV,  the  resultant  splintering  of 
the  company  into  four  chunks  and  sale  of  the  compa¬ 
ny’s  grand  headquarters  in  Basking  Ridge,  N.J.  Arm¬ 
strong  was  going  to  use  the  cable  investments  to  storm 
the  local  market.  It  was  a  grand  vision  and  may  have 
worked,  but  the  stock  market  got  antsy  and  then  the 
whole  telecom  sector  tanked.  So  Armstrong  broke  up 
the  company  and  plans  to  head  the  firm  that  will  be 
formed  by  merging  AT&T  Broadband  with  cable  com¬ 
pany  Comcast. 

Of  course  these  men  and  their  companies  aren’t  the 
only  ones  that  have  had  a  rough  go  in  telecom. The  gut¬ 
ters  are  lined  with  dead  and  frightfully  wounded  compa¬ 
nies,  including  Global  Crossing,  XO,  Williams,  Winstar, 
Teligent  and  McLeod. 

But  Nacchio,  Ebbers  and  Armstrong  stand  out  as  cow- 
buys  because,  one,  they  headed  the  biggest  companies, 

.  nd  two,  they  made  the  boldest  moves. 


—  John  Dix 
Editor  in  chief 
jdix@nwiv.com 
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The  real  culprit 

Regarding  Mark  Gibbs’  Backspin  column  on  hack¬ 
ers  using  an  authorization  code  from  Ford  Credit  to 
get  credit  reports  from  credit-reporting  agency 
Experian  (“No  kidding,  no  security”  www.nw 
fusion.com,  DocFinder:  9854):  Gibbs  is  missing  the 
weak  link  in  the  chain.  I  know  a  little  about  how 
credit-reporting  agencies  work  (1  work  for  a  com¬ 
pany  that  does  pre-employment  screening,  and  we 
deal  in  a  lot  of  sensitive  information  about  people, 
albeit  most  of  it  public  record).  If  the  intruders 
used  an  authorization  code  stolen  from  Ford,  then 
it  is  very  possible  that  to  Experian  the  request  for 
13,000  reports  was  nothing  out  of  the  ordinary.  1 
checked  Ford’s  site  out  of  curiosity  and  they  did  3.8 
million  loans  in  2001  (and  likely  ordered  one  or 
more  reports  from  Experian  on  each  one),  so  an 
extra  13,000  credit  reports  (an  extra  0.3%)  would 
not  likely  raise  any  eyebrows  or  set  off  any  alarms 
at  Experian.  Of  course,  in  an  ideal  world,  Experian 
would  be  looking  for  patterns  of  fraud  —  concen¬ 
trations  by  ZIP  Code  in  a  short  period  of  time  or 
rerunning  of  reports  already  ordered  —  but  1  think 
the  possibilities  of  detecting  that  sort  of  thing  in 
practice  would  be  fairly  slim. 

The  real  screw-up  in  my  view  was  Ford.  Its 
account  was  used  to  order  the  reports.  How  did  the 
intruders  get  its  passwords,  accounts  and  so  on?  If 
we  focus  on  the  Experians  of  the  world  in  matters 
like  this,  then  we  are  trying  to  detect  problems 
rather  than  prevent  them. 

Tim  Crawford 
Senior  vice  president/CIO 
Total  Info 
Tulsa,  Okla. 

My  firm  provides  security  consulting  to  the  small 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


and  midsize  enterprise  market  in  Massachusetts. 
My  partner  and  I  have  run  into  numerous  small 
businesses  running  without  any  type  of  firewall  or 
security  protection.  When  we  inquire  if  they’re 
aware  that  their  network  resources  could  be  used 
to  attack  other  servers/networks,  we’re  met  with  a 
blank  stare.  I’m  personally  aware  of  15  to  20  peo¬ 
ple  with  broadband  connections  in  their  home 
with  no  firewall  and  no  antivirus  software  (or 
worse  —  noncurrent  software).  I’m  curious  to  see 
the  first  successful  lawsuit  by  one  firm  against 
another  where  the  defendant’s  resources  were 
used  as  a  source  for  a  denial-of-service  or  distrib¬ 
uted  denial-of-service  attack. 

Gary  Silverman 
Vice  president 
ARX  Partners 
Watertown,  Mass. 

Sounding  off  on  Cisco 

Many  of  the  comments  in  the  story“What  customers 
want  from  Cisco”  (www.nwfusion.com,  DocFinder: 
9855)  revolve  around  the  issue  of  Cisco’s  perceived 
friendliness  (or  lack  thereof)  toward  customers.  My 
pet  peeve  is  the  exorbitant  cost  of  Cisco’s  DRAM.  For 
example,  I  recently  priced  a  32M-byte  stick  for  a 
small  router.  Cisco’s  list  price  is  $1,900.  Many  other 
sources  quote  RAM  built  to  the  same  specification  at 
less  than  $30.  I  am  willing  to  pay  where  value  is 
added,  but  not  for  a  blatant  rip-off. 

Daniel  Cotts 
Fairfield,  Iowa 

It  is  amazing  to  me  that  Cisco  has  convinced  the 
world  that  continuous  churn  of  hardware  is  stan¬ 
dard  practice.  When  will  the  world  wake  up  and 
realize  that  Cisco  switches  and  routers  should  have 
more  than  a  nine-month  life  span? 

Arnold  Bennett 

Rochester,  N.H. 


More  online!  www.nwfusion.com  Rnd  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  9921 
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USER  VIEW 

Chuck  Yoke 


According  to  Webster’s  dictionary  archi¬ 
tecture  is  defined  as  “a  unifying  or  coher¬ 
ent  form  orstructure.”The  word  architect 
is  derived  from  the  Greek  word  “architekton,” 
which  means  master  builder.  Interestingly 
enough, “tekton”  is  also  the  Greek  root  of  the 
word  technical.  By  definition,  technology 
architects  are  the  technical  master  builders  of  IT,  bringing  unity  and 
coherence  to  a  technology  infrastructure. 

In  the  past  year,  as  the  economy  has  dipped  and  companies  have 
embarked  on  cost-cutting  initiatives,  technology  architecture  has  been 
dealt  a  severe  blow.  In  many  companies, the  technology  architects  have 
been  downsized  or  eliminated  entirely  They  were  viewed  as  nonessen¬ 
tial  personnel,  and  in  many  cases,  that  was  probably  the  truth. 

Two  years  ago,  many  companies  had  a  technology  architecture  orga¬ 
nization  whose  role  was  to  ensure  network,  data,  application  and  sys¬ 
tem  architectures  were  designed  and  implemented  in  an  integrated, 
planned  manner.  However,  instead  of  being  seen  as  master  builders, 
they  were  often  viewed  as  the  IT  equivalent  of  the  ivory  tower  college 
professor  —  full  of  esoteric  knowledge,  but  dreadfully  lacking  in  real- 
world  know-how. 

In  many  cases,  the  architects  had  no  one  to  blame  but  themselves. 
Instead  of  trying  to  understand  the  business  needs  of  their  company 
architects  often  escaped  into  the  realm  of  esoteric  technology 
When  architects  got  involved,  their  solutions  were  often  based  on  the 


The  master  builders  of  IT 


newest  technology  without  considering  whether  it  met  the  business 
requirements  or  the  operations  staff  could  support  it.  Architects  were 
often  guilty  of  focusing  on  bells  and  whistles  instead  of  profit  and  loss. 

But  architects  need  to  focus  on  profit  and  loss. They  need  to  under¬ 
stand  operational  issues  and  constraints.  As  the  ancient  Greeks  remind 
us, architects  are  meant  to  be  master  builders.They  need  to  be  involved 
in  the  day-to-day  operations  of  the  company  to  understand  the  busi¬ 
ness  requirements.They  need  to  be  involved  with  the  engineers,  oper¬ 
ations  staff  and  developers  to  understand  their  issues.  And  they  need  to 
be  leading  the  effort  to  plan,  design  and  implement  integrated  IT  infra¬ 
structures  that  are  fiscally  responsible,  operationally  sustainable  and 
business  valuable. 

Today, many  companies  are  building  IT  infrastructures  based  on  point 
products.  While  implementing  an  IT  infrastructure  without  appropriate 
architectural  planning  may  be  cost-effective  in  the  short  term,  it  will  ulti¬ 
mately  cost  more  in  the  long  term.  A  well-planned,  business-focused, 
scalable  IT  infrastructure  will  outlast  any  depreciation  time  frame. 

As  the  economy  picks  up,  companies  need  to  again  consider  the 
value  that  technology  architecture  can  bring.  And  architects  need  to 
realize  that  business  knowledge  is  just  as  important  as  technological 
savvy  Technology  architects  can  be  valuable,  but  only  if  they  roll  up 
their  sleeves  and  become  the  business-focused  master  builders  of  IT. 


Architects  were 
often  guilty  of 
focusing  on  bells 
and  whistles 
instead  of  profit 
and  loss. 


Yoke  is  a  business  solutions  engineer  for  a  corporate  network  in 
Denver.  He  can  be  reached  at  ckyoke@yahoo.com. 


TELECOM  CATALYST 

Daniel  Briere  and  Russ  McGuire 


We  all  know  the  story  line: 
1996:  The  Telecom  Act 
promises  competitive  choic¬ 
es  for  consumer  and  enterprise  tele¬ 
com  buyers.  Legacy  players  — 
including  the  regional  Bell  operating 
companies,  but  especially  the 
incompetent,  shoddy-service  multiple  system  operators  —  are  doomed 
to  insignificance  in  the  face  of  well-capitaliz^i  new  players  leveraging 
disruptive  technologies. 

2002:  New  entrants?  Choice?  RBOC  insignificance?  Well,  at  least  we 
were  right  about  the  insignificance  of  the  MSOs  to  enterprise  buyers. 

Or  were  we?  Initial  rumblings  indicate  the  cable  players  might  be  the 
best-positioned  to  break  through  the  so-called  natural  monopoly  the 
RBOCs  hold  on  the  last  mile.  Compared  with  the  RBOCs,  cable  players 
have  consistently  delivered  on  the  opportunities  before  them.  Now  they 
have  focused  their  sights  on  the  small-  to  midsize-business  market. 

By  now  you’re  probably  thinking  of  reasons  why  the  cable  players 
can’t  succeed, such  as: 

•  MSOs  lack  the  wires  into  the  buildings  where  business  customers 
live.  So?  Unlike  telecom  players,  cable  players  have  not  hesitated  to 
deploy  new  infrastructure  where  incremental  revenue  opportunities 
make  it  worthwhile.  Every  time  a  cable  tech  sets  foot  in  a  customer’s 
home  or  office,  the  MSOs  see  it  as  a  selling  opportunity  Technicians  are 
successful  at  turning  install  appointments  into  upgrade  sales  to  digital 
service,  premium  channels,  broadband  and  even  telephony 
•  The  cable  infrastructure  is  incapable  of  supporting  enterprise-qual¬ 
ity  services.  And  the  cable  infrastructure  was  incapable  of  supporting 
bidirectional  consumer  data  services.  But  while  the  telecom  industry 
was  fighting  over  ADSL  vs.  SDSL  vs.  IDSL  vs.  HDSL  vs.  BDSL  vs.  CDSL  vs. 
EDSL,the  cable  industry  was  agreeing  and  collaborating  on  Data  Over 
Cable  Service  Interface  Specification  (DOCSIS)  1.0,  1.1  and  now  2.0. 
They’ve  tackled  voice  over  cable  and  now  are  focused  on  LAN  services 
over  cable.  DOCSIS  2.0  not  only  supports  higher-speed  service  but  also 
provides  features  critical  to  enterprise  networking,  including  quality  of 


Video  killed  the  telephone  stars? 


service  and  security  features. 

•  The  MSOs  have  no  presence  in  the  business  market.  And  the  RBOCs 
do?  Most  people  buy  from  the  RBOCs  because  they  have  to,  not  because 
they  truly  consider  their  local  Bell  to  be  their  best  telecom  partner.  We’ll 
place  our  money  on  the  MSOs,  which  are  more  likely  to  consider  viable 
and  valuable  channel  partners  and  might  even  listen  to  the  unmet 
needs  of  business  customers  to  create  solutions  that  really  work. 

•  Because  of  their  small  serving  areas,  the  MSOs  are  incapable  of 
meeting  the  needs  of  multilocation  businesses.  Unlike  the  animosity 
the  RBOCs  exhibit  toward  their  sister  Bells,  the  MSOs  are  cooperative. 
The  cable  industry  has  implemented  a  cross-referral  program  to  ensure 
a  consumer’s  cable  service  preferences  easily  follow  him  when  he 
moves  to  a  new  serving  area.  Although  that  program  falls  short  of  what’s 
needed  for  interoperable  services  crossing  MSO  boundaries,  the  cable 
industry  has  significantly  outperformed  the  telecom  industry  in  over¬ 
coming  the  natural  barriers  between  companies. 

If  you’re  reaching  for  the  phone  to  call  your  MSO  to  move  your  busi¬ 
ness  circuits  and  services  off  the  RBOC,  you’ll  have  to  exercise 
patience.  Although  the  cable  industry  is  well-positioned  to  overcome 
the  above  obstacles,  these  are  real  and  challenging  issues.  Un¬ 
doubtedly,  the  MSOs  will  move  methodically  into  business  services. 
First,  they’ll  focus  on  home  offices  and  home-based  businesses,  where 
they  already  have  the  infrastructure.  Next,  they’ll  focus  on  geographies 
with  a  mix  of  residential  and  business  buildings  to  minimize  build-out 
costs.  Then  they’ll  move  into  serving  singlelocation  businesses  that 
don’t  require  cross-company  coordination,  before  finally  making  the 
big  push  into  the  enterprise  market. 

But  considering  how  the  future  looks  under  an  RBOC  monopoly, 
we’re  sure  you’ll  join  us  on  the  sidelines, rooting  for  the  cable  players  to 
figure  this  all  out  and  finally  provide  us  with  true  competitive  choice 
from  a  financially  viable  player. 


Unlike  the  ani¬ 
mosity  the  RBOCs 
exhibit  toward 
their  sister  Bells, 
the  MSOs  are 
cooperative. 


Briere  is  CEO  and  McGuire  is  chief  strategy  officer  ofTeleChoice,  a  mar¬ 
ket  strategy  consultancy  for  the  telecommunications  industry.  They  can  be 
reached  at  telecomcatalyst@telechoice.com. 


in  a  world  of  “security  solutions”  ? 


SSH  Secure  Shell.  Essential. 

Poor  Packet.  It's  easy  to  get  lost  in  a  quagmire  of  complex  security  offerings.  Sometimes,  you  just  want  something  simple  —  that  works.  Like  SSH 

Secure  Shell.  We  invented  it.  It's  the  worldwide  de  facto  standard  —  essential  for  secure  remote  access,  with  millions  of  users  worldwide.  SSH 
offers  Secure  Shell  in  a  robust,  fully-supported  commercial  grade  release  that's  perfect  for  any  enterprise.  Once  launched,  it  provides  transparent, 
strong  authentication  —  encrypting  passwords  and  securing  communications  over  any  IP-based  connection. 

So  to  find  your  way  home ,  come  visit  us  at  www.ssh.com. 


Tel  (650)  251  2700  •  Fax  (650)  251  2701  •  1076  East  Meadow  Circle,  Palo  Alto,  CA  94303  •  ipsec-sales@ssh.com 


r  2002  SSH  Communications  Security  Corp.  All  rights  reserved.  ssIT  is  a  registered  trademark  of  SSH  Communications 
Security  Corp  in  the  United  States  and  in  certain  other  jurisdictions.  SSH2.  the  SSH  logo,  IPSEC  Express.  SSH  Certifier,  SSH 
QuickSec,  SSH  Sentinel,  Making  the  Internet  Secure  and  Packet  the  Dog  are  trademarks  of  SSH  Communications  Security 
Corp  and  my  be  registered  in  certain  jurisdictions.  All  other  names  and  marks  are  property  of  their  respective  owners. 


Eight  IDSs  fail  to  impress  during  the  monthlong  test 

on  a  production  network. 


wolf:  False  alarms  hide  attacks 


■  BY  DAVID  NEWMAN,  JOEL  SNYDER  AND  RODNEY  THAYER 


One  thing  that  can  be  said  with  certainty  about  network-based  intrusion-detection  systems  is  that  they’re 
guaranteed  to  detect  and  consume  all  your  available  bandwidth.  Whether  they  also  detect  network  intrusions 
is  less  of  a  sure  thing. 

Those  are  the  major  conclusions  of  our  first-ever  IDS  product  comparison  conducted  “in  the  wild.”  Unlike 
previous  tests  run  in  lab  settings,  we  put  seven  commercial  IDS  products  and  one  open-source  offering  on  a 
live  ISP  segment  to  see  what  they’d  catch. 


What  we  found  wasn’t  encourag¬ 
ing: 

•  Several  IDSs  crashed  repeatedly 
under  the  burden  of  the  false 
alarms  they  churned  out. 

•  When  real  attacks  came  along, 
some  products  didn't  catch  them 
and  others  buried  the  reports  so 
deep  in  false  alarms  that  they  were 
easy  to  miss. 

•  Overly  complex  interfaces 
made  tuning  out  false  alarms  a 
challenge. 

Because  no  product  distin¬ 
guished  itself,  we  are  not  naming  a 
winner  (See  story  “No  cigar,”  page 
58). The  eight  products  we  tested 
—  from  Cisco,  Intrusion,  Lancope, 

Network  Flight  Recorder  (NFR), 

Nokia  (running  on  OEM  version  of 
Internet  Security  Systems  Real- 
Secure  6.5),  OneSecure,  Recourse 
Technologies  and  the  open-source 
Snort  package  —  all  ask  too  much 
of  their  users  in  terms  of  time  and 
expertise  to  be  described  as  security  must-haves. 

That’s  not  to  say  IDSs  have  no  place  in  corporate  networks.They  can  be  valuable 
tools  for  learning  about  network  security  and  can  validate  that  other  security  de¬ 
vices  are  doing  their  jobs.  But  setting  up  the  current  generation  of  IDSs  requires  a 
substantial  time  investment  to  ensure  they’ll  flag  only  suspicious  traffic  and  leave 
everything  else  alone. 


We  used  the  production  network 
of  Opus  One,  an  ISP  in  Tucson,  Ariz., 
as  our  testbed.  Opus  One  offers  Web 
hosting  and  leased-line,DSL  and 
dial-up  Internet  access  services  to  50 
small  to  midsize  businesses.The 
backbone  infrastructure  includes 
nineT-1  circuits  with  an  average  uti¬ 
lization  in  the  range  of  9M  to  12M 
bit/sec. 

To  spice  things  up  a  bit,  we  de¬ 
ployed  four  “sacrificial  lambs,”  sys¬ 
tems  running  old,  unpatched  ver¬ 
sions  of  Windows  2000  Server  and 
NT  4.0  Server,  Red  Hat  Linux  6.2  and 
Sun  Solaris  2.6.  Putting  plain-vanilla 
versions  of  these  operating  systems 
on  the  Internet  is  just  asking  to  be 
attacked.  Past  studies  have  shown 
that  unpatched  systems  get  owned 
in  a  matter  of  minutes,  thanks  to 
automated  scripts  that  find  and 
exploit  well-known  vulnerabilities. 
We  figured  the  IDS  sensors  couldn’t 
miss  seeing  these  attacks. 

All  IDSs  consist  of  at  least  one  sensor  that  monitors  traffic  and  sends  alarms  when¬ 
ever  suspicious  behavior  occurs.There  are  two  major  methods  of  detecting  problems: 
signature  detection  and  anomaly  detection. Signature  detection,  used  by  all  products 
in  this  review  except  Lancope’s  Stealth  Watch,  will  generate  an  alarm  whenever  traffic 
matches  a  known  attack  pattern.  With  anomaly  detection,  the  IDS  compares  current 
behavior  against  a  baseline  of  “normal"  traffic  on  that  network  and  flags  anything  out 
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Network-based  IDSs  are  designed  to  sit 
on  your  network,  monitor  traffic  and 
send  alarms  whenever  suspicious  be¬ 
havior  occurs.  Sounds  like  a  fairly  sim¬ 
ple  marching  order,  but  our  month-long 
test  of  eight  of  these  products  show  that 
setting  up  IDSs  requires  a  substantial 
time  investment  to  ensure  they’ll  flag 
only  suspicious  traffic  and  leave  every¬ 
thing  else  alone. 
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Charts: 

Our  graphics  track  the 
uptime  of  the  eight  products 
we  tested  and  how  well  each 
detected  representative 
major  attacks  on  our  produc¬ 
tion  network. 
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Glossary: 

If  IDS  terminology  is  alphabet 
soup  to  you,  our  glossary  of 
IDS-specific  tags  will  help  in 
the  translation. 


Deployment  tips: 

If  you  are  considering  installing  an 
IDS  product  on  your  network,  read 
our  IDS  deployment  tips  to  help 
reduce  the  number  of  false  positives 
—  attacks  that  don't  really  exist  — 
reported  by  your  IDS. 
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Network-based  intrusion-detection  systems 


of  profile  as  an  alarm. 

For  signature  detection,  the  size  of  the 
attack  library  is  key  and  vendors  boast 
about  spotting  large  numbers  of  attacks. 
On  the  flip  side, signature-based  IDSs  only 
report  on  attacks  they  know  about.  With 
new  attacks  appearing  daily,  keeping  the 
library  current  is  a  must. 

Anomaly-based  IDSs  don’t  need  to  know 
about  specific  attacks,  only  exceptions. This 
makes  them  easier  to  maintain.  At  the 
same  time,  alarms  from  anomaly-based  sys¬ 
tems  are  only  as  useful  as  the  baseline 
with  which  they’re  compared.  An  anomaly- 
based  system  might  characterize  a  net¬ 
work  already  rife  with  attacks  as  “normal” 
and  thus  miss  future  intrusions. 

We  wanted  our  test  to  model  corporate 
use  of  IDSs,  especially  when  it  came  to 
management.  Most  IDSs  offer  a  manage¬ 
ment  hierarchy  with  two  tiers  (or  more), 
so  sensors  on  one  network  can  report  to  a 
management  console  and/or  database  in 
another  location.To  model  this  distributed 
approach,  we  set  up  an  IP  Security  tunnel 
from  the  sensors  at  Opus  One  to  Network 
Test’s  offices  in  Los  Angeles,  where  the 
management  stations  were  located. 

Staying  alive 

Initially,  we  planned  to  assess  the  IDSs  on 
accuracy  and  ease  of  use.  As  it  turned  out, 
we  needed  to  add  a  third  metric:  uptime. 

All  the  products  we  tested  —  save  one 
—  suffered  at  least  some  downtime  dur¬ 
ing  our  approximately  30  days  of  testing 
(see “Uptime  table,”  page  60). 

Even  before  we  turned  loose  the  sacri¬ 
ficial  lamb  hosts,  we  experienced  nu¬ 
merous  crashes  as  IDS  sensors  struggled 
to  keep  up  with  traffic.  In  some  cases, 
this  occurred  because  the  sensor  simply 
fell  over.  An  early  version  of  the  NFR  soft¬ 
ware,  for  example,  caused  the  vendor’s 
NID200  sensor  to  use  all  available  mem¬ 
ory  and  CPU  resources.  A  software  patch 
fixed  that  problem. 

A  more  common  problem  lay  with  the 
management  stations.  Most  wouldn’t  stay 


up  for  more  than  a  few  days  because  of 
database  overload. 

Cisco’s  Secure  Intrusion  Detection 
System  4235,  Intrusion’s  SecureNet  7145C 
and  Nokia’s  IP530  —  were  especially 
shaky  on  availability  Cisco’s  sensor  never 
locked  up,  but  its  management  software 
was  another  story. 

The  vendor  initially  supplied  Version 
2.3.3i  of  its  Cisco  Secure  Policy  Manager 
(CSPM).CSPM  is  a  powerful  application 
with  tons  of  useful  features  and  one  very 
significant  downside:  Whenever  its  data¬ 
base  grows  too  large,  the  application 
ceases  to  function. 

CSPM  hit  this  threshold  daily  Cisco  sug¬ 
gested  we  create  and  run  a  batch  file 
twice  daily  that  would  automatically 
prune  CSPM’s  logs. This  fix  kept  the  appli¬ 
cation  going,  but  it  also  excised  the  data¬ 
base  of  previous  entries  that  CSPM  could 
have  used  for  its  event  correlation  and 
reporting  functions. 

Cisco  says  it  will  announce  a  new  ver¬ 
sion  of  CSPM  next  month  that  runs  atop  a 
more  robust  database.  We  hope  so.  Al¬ 
though  CSPM  is  intended  to  collate  input 
from  large  numbers  of  sensors,  in  our  test 
it  took  just  one  to  kill  it. 

We  also  used  a  beta  version  of  Cisco’s 
free  management  tool  —  Integrated  De¬ 
vice  Manager  (1DM)  with  Integrated  Event 
Viewer.  IDM  Version  3.1  didn’t  crash  once. 

Intrusion’s  SecureNet  Provider  (SNP) 
software  uses  a  multitiered  approach  in 
which  different  machines  can  be  used  as 
sensors;  consoles  (for  configuring  the 
sensor);  databases  (for  storing  alarms 
from  multiple  sensors);  and  clients. 

In  our  experience,  it  was  the  SNP  client 
that  locked  up  repeatedly.  We’d  see  CPU 
utilization  rise  above  90%  and  stay  there. 
In  that  state,  it  was  impossible  to  tell  what 
events  Intrusion’s  client  was  and  wasn’t 
seeing. 

The  vendor’s  fix  was  twofold:  First, 
Intrusion  tuned  its  database  not  to  store 
any  alarms  for  what  it  deemed  low- 
severity  events.  Second,  the  company 
configured  the  client  to  store  only  a 
day’s  worth  of  alarms. These  measures 


No  cigar 


Given  the  problems  we  encountered  with  availability,  accura¬ 
cy  and  ease  of  use,  we  are  not  naming  winners  in  this  test. 
On  balance,  we  felt  that  all  products  were  roughly  compa¬ 
rable.  We  hope  to  see  much  improvement,  especially  in  the  area 
of  ease  of  configuration  and  management,  by  our  next  review.  ; 

That  said,  there  were  a  couple  of  honor¬ 
able  mentions.  The  !P530/RealSecure 
entry  from  Nokia/ISS  had  trouble 
staying  up  but  when  it  did  work,  it 
offered  the  best  combination  of 
detailed  reporting  and  assistance  to 
new  users.  Lancope's 
StealthWatch  also  deserves  spe¬ 
cial  mention  for  being  the  only 
product  that  didn't  crash  once 
during  our  review.  However, 

StealthWatch  needs  a  lot  more 
muscle  in  its  intrusion-detection 
system  reporting. 


kept  the  client  running  but  limited  the 
amount  of  data  stored  locally.  Intrusion’s 
database  continued  to  log  all  medium- 
and  high-severity  events  it  received. 
However,  the  lack  of  local  information  at 
the  management  client  could  be  irk¬ 
some  for  a  network  professional  trying 
to  piece  together  an  incident  after,  say,  a 
long  weekend. 

The  most  troublesome  performer  of  all 
was  Nokia’s  IP530.What  the  vendor  touts 
as  a  “high-performance  security  platform” 
locked  up  13  out  of  the  approximately  30 
days  we  used  it. 

On  the  sensor  side,  Nokia’s  hardware- 
based  security  appliance  runs  Real- 
Secure  6.5  from  Internet  Security  Systems 
(ISS).The  volume  of  traffic  on  the  Opus 
One  network  caused  the  IP530’s  Real- 
Secure  process  to  terminate  roughly  once 
a  day  until  Nokia  supplied  a  patch. 

Volume  was  the  root  problem  for  Nokia’s 
management  application. The  first  of  sev¬ 
eral  problems  was  Nokia’s  decision  to  sup¬ 
ply  Microsoft  Database  Engine  (MSDE)  as 
its  data  store.  MSDE  works  well  on  a  very 


quiet  network,  but  it  was  unable  to  keep 
up  with  the  feed  from  Opus  One.  It  would 
fill  up  and  stop  running  less  than  24  hours 
after  each  reinstallation  (which  also 
wiped  out  all  previous  data).  At  our  re¬ 
quest  Nokia  supplied  another  manage 
ment  machine  running  Microsoft’s  SQL 
Server,  but  this  too  locked  up. 

Most  of  the  other  sensors  and/or  con¬ 
soles  also  suffered  from  at  least  some 
downtime  in  our  tests.The  OneSecure 
Intrusion  Detection  and  Prevention  (IDP) 
sensor  crashed  once  and  wouldn’t  re 
boot;  installing  a  software  upgrade  also 
left  the  sensor  unusable  because  it  didn’t 
set  a  default  route. 

The  bigger  problem  with  OneSecure 
was  glacial  screen  updates  on  its  man¬ 
agement  console.  Although  the  Java- 
based  application  logged  a  large  number 
of  events,  scrolling  through  the  log  entries 
took  so  long  that  the  application  often 
seemed  to  be  hung.  Only  exiting  the 
application  would  bring  it  back  to  life. 

Recourse’s  ManHunt  application,  also 

See  IDS,  page  60 
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Cisco  IDS  4235 

Company:  Cisco,  (408)  526-4000, 
www.cisco.com  Price:  $12,500  plus 
$2,000  for  the  CSPM  management 
software.  Pros:  Robust  sensor;  strong 
event  correlation;  lightweight  Web 
access  tool.  Cons:  Database  crashed 
repeatedly;  cryptic  user  interface. 


Nokia  IP530  running  ISS  RealSecure  6.5 

Company:  Nokia,  (650)  625-2000, 

.  ww.nokia.com.  Price:  Platform 
options  start  at  $2,500  and  vary  based 
me  number  of  software  licenses.  Pro: 
V  .  rtmtive  user  interface  and  attack 
-•ft  iptiony.  Con:  Frequent  crashes. 


Intrusion  SecureNet  7145C 

Company:  Intrusion,  (888)  637-7770, 
www.intrusion.com  Price:  $17,000  plus 
$2,000  for  the  Intrusion  SecureNet 
Provider  monitoring  and  reporting 
software.  Pro:  Multitier  approach 
intended  for  large-scale  deployments. 
Con:  Database  crashed  repeatedly; 
unhelpful  attack  descriptions. 

Intrusion  Detection  and  Prevention 


Company:  OneSecure,  (408)  992-8000, 
www.onesecure.com.  Price:  $16,500. 
Pros:  Only  in-line  system  supported; 
displays  host  names  by  default.  Cons: 
Missed  some  attacks;  Java-based 
management  software  is  sluggish. 


StealthWatch  Ml 00 

Company:  Lancope,  (678)  566-4750, 
www.lancope.com  Price:  $20,000.  Pros: 
Web-based  tool  tracks  bandwidth 
utilization.  Con:  Missed  or  misdiagnosed 
security  breaches. 


ManHunt 

Company:  RecourseTechnologies, 
(877)  786-9633,  www.recourse.com. 
Price:  $25,000.  Pros:  Relatively  good 
accuracy  and  uptime  results.  Cons: 
Java-based  management  software  is 
sluggish. 


NID200 

Company:  NFR  Security,  (800)  234-8419, 
www.nfr.com  Price:  $12,500.  Pros: 
Extensive  logging;  custom  filtering 
language  supported.  Cons:  Difficult  to 
tune;  yielded  many  false  positives. 


Snort  1.8 

Company:  Open  source,  www.snort.org. 
Price:  n/a  Pros:  Most  detailed 
reporting;  open  source  code  base. 
Cons:  No  graphical  user  interface;  no 
event  correlation. 


In  a  world  where  it’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 


New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  we  deliver  seamless  information  protection 
with  centralized  management  for  networks,  servers  and  desktops.  From  proactive  research  and  award-winning  software  to 
24/7  protection  and  response  services,  our  solutions  detect,  prevent  and  respond  to  attacks  and  misuse.  And  it's  all  backed  by 
the  X-ForceT  our  global  protection  services  organization.  Want  to  see  more?  Call  800-776-2362.  Or  visit  www.iss.net/nww. 


INTERNET 

Security 

Systems' 


,  Network-based  intrusion-detection  systems 


IDS 

Continued  from  page  58 

Java-based,  was  nearly  as  sluggish  at 
times.  It  hung  twice  during  our  tests. 

The  only  commercial  product  that  didn’t 
crash  at  all  was  Lancope’s  Stealth  Watch. 

This  Web-based  appliance  didn’t  have  a 
separate  management  application  to 
crash.  Further,  the  Stealth  Watch  sensor 
never  once  locked  up. 

Who  goes  there? 

Our  main  metric  for  this  project  was 
accuracy. What  attacks  would  the  IDSs 
see,  and  how  clearly  would  they  identify 
those  attacks? 

We  considered  an  attack  to  be  any 
compromise  of  any  computing  resource 
on  the  “protected”  network.That  resource 
could  be  bandwidth, disk  space,  a  printer, 
a  password  file  —  basically,  anything  for 
which  access  is  not  explicitly  authorized. 

Tli  is  is  not  the  same  as  an  attempted 
attack;  if  there  was  no  compromise,  then 
the  IDS  is  essentially  reporting  on  a  vul¬ 
nerability  that  doesn’t  exist.  During  the 
test,  most  of  the  ISPs  generated  so  many 
false  positives  that  it  was  difficult  to  spot 
reports  of  real  attacks. 

We  expected  the  IDS  sensors  to  report 
any  behavior  outside  these  bounds  and 
only  such  behavior. The  major  challenge 
when  it  comes  to  IDS  reporting  is  reduc¬ 
ing  the  number  of  false  positives,  while  at 

IDS  uptime  or  downtime? 


the  same  time  avoiding  false  negatives 
(see  online  IDS  glossary,  page  62). 

Sensors  take  different  approaches  to 
reporting  accurately.  A  sensor  that  sends 
an  alarm  every  time  a  packet  goes  by 
would  be  very  accurate  because  it  would 
flag  every  attack  packet.  But  this  sensor 
also  would  flag  everything  else,  making  it 
difficult  to  distinguish  real  attacks  from 
background  noise.  Open-source  Snort 
came  closest  to  this  model,  with  NFR’s 
NID200  a  close  second. 

At  the  other  end  of  the  spectrum,  an 
IDS  could  be  configured  to  send  alarms 
for  only  a  narrowly  defined  set  of  criteria. 
For  example,  it  could  flag  only  FTP  ses¬ 
sions  to  host  X  from  userY  at  time  Z. 

The  big  danger  here  is  false  negatives; 
because  if  the  IDS  only  listens  for  a  few 
specific  events  it  will  miss  everything  else. 
We  were  especially  concerned  about  this 
when  tuning  the  Cisco,  Intrusion  and 
Nokia  products  because  they  had  to 
reduce  their  reporting  load  to  stay  opera¬ 
tional.  In  addition,  OneSecure’s  device  had 
relatively  few  alarms  enabled  by  default. 

We  found  most  IDSs  reported  far  too 
much  rather  than  too  little,  making  it  dif¬ 
ficult  to  pick  out  actual  attacks  from  all 
the  noise. 

Our  first  indication  of  trouble  came 
before  we’d  even  powered  up  the  sacrifi¬ 
cial  lambs.Two  Macintoshes  attached  to 
Opus  One’s  network  froze  at  the  same 
instant,  possibly  indicating  a  denial-of- 
service  attack. 

Checking  the  IDS  clients,  we  found 


Only  one  IDS  product,  Lancope’s  StealthWatch  M100,  stayed  up  for  the 
entire  monthlong  test.  Others  struggled  with  false  positives,  leading  to 
crashes  and  uptime  numbers  closer  to  nine  fives  than  to  five  nines. 
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Not  in  the  game 

A 


s  is  the  case 
with  all  com¬ 
parative  re¬ 
views  conducted  by 
Network  World  and 
its  testing  partners, 
we  attempted  to 

identify  all  vendors  that  we  believe  offer 
products  that  fit  the  criteria  for  the  review.  We  invited  13  vendors  to  submit  their 
products  for  testing.  While  seven  agreed  to  participate,  Computer  Associates, 
Enterasys  Networks,  nCircle,  Niksun  and  Symantec  declined.  Additionally,  ISS 
was  invited  to  participate  on  its  own  but  the  company  elected  to  be  in  the  test 
via  its  partnership  with  Nokia. 


thousands  of  alarms  from  all  sensors  — 
but  only  NFR’s  N1D200  and  Recourse’s 
ManHunt  actually  reported  a  SYN  flood 
attack  at  the  instant  the  Macs  froze  (see 
attack  chart,  below). 

The  Cisco,  Intrusion  and  Nokia  systems 
were  unavailable  because  their  databases 
had  frozen  as  a  result  of  the  huge  volume 
of  alarms  they  handled,  almost  all  of 
which  were  false  positives.  Lancope’s 
StealthWatch  and  the  OneSecure  sensor 
didn’t  see  an  attack.  Snort  was  off  the  air 
at  the  time  of  the  attack  because  of  mis- 
configuration  on  our  part. 

Determining  which  sensors  did  and 
didn’t  see  the  attack  was  a  chore.  Using 
NFR’s  Administration  Interface  manage¬ 
ment  tool,  we  could  query  for  all  inci¬ 
dents.  However,  the  version  of  Admin¬ 
istration  Interface  we  tested  only  returned 
a  maximum  of  4,096  records  per  query,  or 
around  17  minutes’ worth  of  traffic  on  the 
network.  A  registry  edit  on  a  later  version 
of  Administration  Interface  lets  a  query 
return  more  responses. 

Positively  negative 

So  what  was  it  that  kept  the  sensors  so 
busy  they  couldn’t  report  on  actual  inci¬ 
dents?  By  far  the  biggest  problem  was  a 
huge  number  of  false  positives,  with  sen¬ 
sors  sending  alarms  for  insignificant 
events  —  or  even  worse,  for  vulnerabili¬ 
ties  that  didn’t  exist. 


Attackers  launched  thousands  of  penetration  attempts  on  the  network  monitored  by  the  IDSs  we  tested.  As 
shown  in  these  three  representative  incidents,  not  all  IDSs  recognized  all  attacks. 


1  IDS 

Incident 

Response 

Incident 

Response 

Incident 

Response 

Cisco 

SYN  flood 

Database  frozen 

Code  Red  worm 

Database  frozen 

wu-ftpd  exploit 

Saw  attack 

Intrusion 

SYN  flood 

Client  frozen 

Code  Red  worm 

Client  hung 

wu-ftpd  exploit 

Saw  attack 

Lancope 

SYN  flood 

No  report 

Code  Red  worm 

No  report 

wu-ftpd  exploit 

No  report 

NFR 

SYN  flood 

Saw  attack 

Code  Red  worm 

Saw  attack 

wu-ftpd  exploit 

No  report 

Nokia/ISS 

SYN  flood 

No  report 

Code  Red  worm 

Sensor  hung 

wu-ftpd  exploit 

Saw  attack 

| 

OneSecure  I 

SYN  flood 

No  report 

Code  Red  worm 

No  report 

wu-ftpd  exploit 

Saw  attack  (1) 

Recourse 

SYN  flood 

Saw  attack 

Code  Red  worm 

Saw  attack 

wu-ftpd  exploit 

No  report 

Snort  _J 

SYN  flood 

No  report  (2) 

Code  Red  worm 

Saw  attack 

wu-ftpd  exploit 

Saw  attack 

i  -  '.a  attack  in  in-line  mode;  failed  to  detect  attack  in  passive  mode. 

•:  Gtf'ine  because  of  configuration  error. 


The  most  egregious  example  of  the  lat¬ 
ter  was  the  massive  number  of  reports  of 
the  Code  Red  and  Code  Blue  attacks 
commonly  launched  against  Microsoft’s 
Internet  Information  Servers  (IIS)  Web 
servers.  NFR  also  sent  many  “successful 
Nimbda  attack”  reports,  alerting  us  to  the 
presence  of  another  way  in  which  IIS  can 
be  compromised. To  be  sure, such  attacks 
are  a  real  problem  —  provided  the  vul¬ 
nerability  also  is  real. 

But  Opus  One’s  servers  run  OpenVMS, 
not  Windows.  Even  though  it  is  trivially 
easy  to  figure  out  what  operating  system 
a  Web  server  uses,  not  one  of  the  IDSs  did 
so.  Instead,  they  collectively  generated  lit¬ 
erally  millions  of  alarms  about  attacks 
that  never  happened. 

An  even  greater  source  of  noise  was 
reporting  on  benign  events  on  the  net¬ 
work. The  Cisco,  Intrusion,  Lancope, 

Nokia,  OneSecure  and  Recourse  prod¬ 
ucts  prioritize  alarms  by  severity,  tagging 
events  with  labels  such  as  high,  medium 
or  low  severity. 

In  most  cases  the  sensors  spewed  vast 
quantities  of  “low”  or  “informational” 
alarms.The  Nokia  and  Intrusion  devices 
sent  low-priority  alarms  every  time  an 
end  user  requested  a  Web  page. This 
might  be  desirable  in  paranoid  network 
configurations  where  Web  access  is  for¬ 
bidden,  but  on  an  ISP’s  network  where 
Web  traffic  is  the  norm,  it’s  not  only 
annoying  but  also  dangerous  to  the  well¬ 
being  of  the  IDS  sensor  and  its  manager. 

Things  went  from  bad  to  worse  once  we 
attached  the  sacrificial  lamb  machines  to 
the  network.  Attackers  compromised 
these  hosts  soon  after  we  deployed  them 
—  but  in  some  cases  it  was  the  host’s 
own  message  logs,  and  not  the  IDSs,  that 
offered  proof  positive. 

The  easiest  target  was  our  Windows  NT 
Server  box.  It  became  a  launching  pad  for 
the  Code  Red  and  Code  Blue  worms  with¬ 
in  an  hour  of  deployment.  We  soon  began 
receiving  complaints  from  other  ISPs  advis¬ 
ing  us  we  had  a  compromised  machine. 

Unfortunately,  the  IDS  sensors  weren’t  as 
clear  in  their  reports.  Code  Red  and  Code 
Blue  worms  involve  lots  of  traffic,  and  this 
blinded  some  of  the  sensors.  NFR  saw  the 

See  IDS,  page  62 
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Network-based  intrusion-detection  systems 


IDS 

Continued  from  page  60 

attacks,  but  these  alarms  were  buried 
inside  thousands  of  other  reports  of 
attempted  attacks  against  other  machines 
that  weren’t  running  IIS.  It  was  a  similar 
story  for  Recourse’s  ManHunt  and  the 
open  source  Snort  program. 

Drowning  under  the  huge  volume  of 
traffic,  most  systems  either  buckled  or  sim¬ 
ply  missed  the  attack  outright. The  Cisco, 
Intrusion  and  Nokia  systems  stopped  log¬ 
ging.  Each  required  a  database  purge  to 
get  going  again  but,  in  fairness,  we  must 
say  that  all  three  recognized  this  attack 


after  we  resuscitated  them. The  Lancope 
Stealth  Watch  and  Onesecure  systems 
didn’t  spot  the  attack  the  first  time,  but 
both  companies’ engineers  offered  guid¬ 
ance  in  reconfiguring  the  systems  so  they 
would  see  subsequent  attacks. 

Vision  test 

With  such  an  abysmal  record  of  flagging 
attacks  in  the  wild,  we  began  to  wonder 
whether  the  IDSs  could  catch  any  attack. 
As  a  sort  of  vision  test,  we  decided  to 
launch  a  controlled  attack  of  our  own.  We 
picked  a  well-known,  3-year-old  attack  that 
exploited  the  Red  Hat  Linux  FTP  server. 

The  good  news  is  that  Cisco,  Intrusion, 
Nokia  and  Snort  products  spotted  the 
compromise  immediately.  However,  the 


IDS  glossary 


Anomaly-based  IDS:  An 

IDS  that  measures  a  “normal" 
baseline  and  then  reports  ex¬ 
ceptions  to  that  baseline  as 
possible  attacks. 

False  positive:  A  report  of 
an  attack  or  attempted  attack 
when  no  vulnerability  existed 
or  no  compromise  occurred. 

False  negative:  The  failure 
of  an  IDS  to  report  an  instance 
in  which  an  attacker  successfully  compromises  a  host  or  network. 

Host  intrusion-detection  system  (HIDS):  Reports  only  on  security  inci¬ 
dents  for  the  host  on  which  it  runs.  See  also  NIDS;  the  only  quantitative  differ¬ 
ence  between  HIDS  and  NIDS  might  be  the  volume  of  traffic  each  sees. 

Honeypot:  A  host  or  network  with  known  vulnerabilities  deliberately  exposed 
to  a  public  network.  Honeypots  are  useful  in  studying  attackers'  behavior  and 
also  in  drawing  attention  away  from  other  potential  targets. 

Intrusion  detection  and  prevention  (IDP):  A  term  used  by  OneSecure 
and  other  vendors  of  in-line  IDS  devices.  By  virtue  of  their  location  in  front  of  a 
protected  network,  IDP  devices  are  supposed  to  intercept  and  stop  attacks 
before  they  occur. 

Intrusion-detection  system  (IDS):  A  collection  of  one  or  more  sensors 
and  zero  or  more  instances  of  management  software  used  to  detect  and  report 
the  existence  of  security  vulnerabilities. 

In-line  monitoring:  A  configuration  in  which  an  IDP  device  works  as  a 
switch  in  front  of  a  protected  network.  In  this  configuration,  the  IDP  devices 
prefilter  traffic  before  it  reaches  hosts  on  the  protected  network.  In  contrast, 
most  IDS  devices  use  passive  monitoring,  which  means  they  observe  traffic  but 
do  not  attempt  to  control  access. 

Network  intrusion-detection  system  (NIDS):  Monitors  traffic  on  net¬ 
works  and  logs  suspicious  behavior.  See  also  HIDS;  the  only  quantitative  differ¬ 
ence  between  HIDS  and  NIDS  might  be  the  volume  of  traffic  each  sees. 

Precision  and  recall:  A  database  query  with  high  precision  returns  every¬ 
thing  the  user  requested  and  omits  nothing.  A  database  query  with  high  recall 
returns  only  what  the  user  requested  and  omits  everything  else.  Databases  usu¬ 
ally  have  high  precision  or  high  recall  but  not  both.  In  querying  an  IDS's  data¬ 
base,  it  is  usually  necessary  to  construct  filters  that  strike  a  balance  between 
high  precision  and  high  recall. 

Sensor:  The  computer  that  monitors  the  network  for  intrusion  attempts. 

Some  sensors  store  all  records  locally,  while  others  send  reports  to  a  console 
application  or  back-end  database.  Sensors  usually  run  in  promiscuous  mode, 
often  without  an  IP  address. 

Signature-based  IDS:  An  IDS  that  uses  pattern-matching  algorithms  to 
t  pare  traffic  with  a  library  of  known  attacks.  A  match  indicates  a  possible 

attack. 

Stateful  matching:  A  means  of  attack  detection  in  which  the  IDS  keeps 
' r  .1  of  connection  state.  For  example,  a  stateful-matching  IDS  won't  flag  an 

P  attack  if  it  wasn’t  preceded  by  a  TCP  handshake. 

—  David  Newman  and  Joel  Snyder 


Lancope,  Recourse  and  NFR  systems 
failed  to  report  a  compromise. 

The  final  vendor,  OneSecure,  also  missed 
seeing  the  FTP  exploit  the  first  time  around. 
OneSecure’s  vision  is  apparently  related  to 
the  way  it’s  deployed  in  networks. 

For  this  test,  we  deployed  OneSecure  in 
passive  mode,  meaning  it  was  attached  to 
the  same  hub  as  the  sacrificial  lamb 
hosts.  But  OneSecure  also  works  in  so- 
called  in-line  mode,  meaning  it  can  sit  in 
front  of  a  protected  network  and  actively 
block  suspicious  traffic.This  time.OneSec- 
ure  reported  and  blocked  the  attempted 
FTP  exploit.  We’re  puzzled  why  One¬ 
Secure’s  IDP  didn’t  see  the  attack  in  pas¬ 
sive  mode;  we  made  no  configuration 
changes  to  the  sensor  or  management 
client  when  making  the  switch. OneSecure 
the  vendor  acknowledged  the  false  nega¬ 
tive  as  a  bug,  and  said  a  corrected  signa¬ 
ture  would  be  available  by  press  time. 

We  also  should  note  that  OneSecure’s  in¬ 
line  mode  performance  wasn’t  perfect. 

Not  long  after  we  changed  it  from  passive 
to  in-line  mode,  the  company’s  own  man¬ 
agement  software  notified  us  that  one  of 
the  sacrificial  lambs  was  sending  out¬ 
bound  trivial  FTP  traffic  to  a  bogus 
address.  On  any  of  the  sacrificial  lambs, 
outbound  traffic  of  any  kind  is  a  sure  sign 
that  the  machine  has  been  compromised. 

A  little  help? 

By  now,  readers  with  security  expertise 
probably  are  asking  why  we  didn’t  tune 
the  IDSs  to  reduce  the  chatter  and  im¬ 
prove  our  chances  of  seeing  real  attacks. 
The  short  answer  is  that  we  did,  or  at  least 
we  tried  to.  Including  setup  time,  this  pro¬ 
ject  stretched  along  three  months;  and 
during  that  period  we  worked  on  these 
systems  almost  every  day 

In  the  last  major  area  of  our  test,  ease  of 
use,  we  found  that  IDSs  don’t  offer  users 
enough  help  in  the  way  of  improving  the 
signal-to-noise  ratio.  All  the  products  we 
tested  assume  that  before  any  tuning 
begins,  the  user  already  knows  what 
attacks  exist  on  the  network. 

That  assumption  is  shaky  on  two 
counts.  First,  security  isn’t  a  full-time  job 
for  most  network  professionals.  As  such, 
they’re  unlikely  to  know  every  attack  they 
might  encounter. 

Second,  the  management  software  for 
the  products  we  tested  offer  cryptic  error 
messages,  hard-to-use  graphic  user  inter¬ 
faces  and  limited  assistance  in  identify¬ 
ing  what  is  and  isn’t  a  real  vulnerability. 
These  products  don’t  offer  anything  like 
expert  systems,  instead  leaving  the  user  to 
puzzle  out  what  actually  happened. 

Consider,  for  example,  a  DNS  alarm 
reported  by  NFR’s  NID200  sensor. The  sen¬ 
sor  reported  a  huge  number  of  alarms 
marked  as  “Non-Internet  Query  class: 
error(user  error),  name  esYxOO.”  followed 
by  a  hexadecimal  string. 

It  took  our  DNS  expert  a  couple  of 
hours  to  identify  the  “attack"  as  harmless 
attempts  to  find  the  root  name  server  for 
Spain. The  NFR  documentation  did  not 
explain  why  this  alarm  occurred;  why  it 
was  classified  as  non-Internet;  or  where 


Three  tips  for 
reducing  false 
alarms 


I 


f  you  decide  to  dive  into  intru¬ 
sion-detection  systems,  these 
tips  might  help  reduce  your  level 
of  false  positives  and  false  alarms: 

1)  Map  your  network. 

Build  a  map  of  your  entire  internal 
network,  identifying  all  the  hosts  and 
services  running  on  them.  The  more 
you  tell  the  IDS  about  what  is  impor¬ 
tant  in  your  network,  the  fewer  false 
alarms  you'll  get. 

For  example,  if  you  have  Apache 
Web  servers,  you  should  tell  the  IDS 
not  to  look  for  attacks  that  are 
based  on  Microsoft  Internet  Infor¬ 
mation  Server  vulnerabilities  on 
those  servers. 

If  you've  patched  a  server  for  Code 
Red,  tell  the  IDS  not  to  bother  re¬ 
porting  Code  Red  attacks  on  that 
server. 

2)  Firewall  your  IDS. 

If  you  don't  put  the  IDS  behind 
your  firewall,  you'll  learn  lots  of 
interesting  things  about  knob-twist¬ 
ing  out  on  the  Internet. 

Unfortunately,  there's  no  point  and 
nothing  you  can  do  with  the  infor¬ 
mation  —  you  can  spend  all  day 
complaining  about  port  scans,  and  it 
won’t  do  any  good.  The  less  traffic 
the  IDS  sees,  the  less  it  can  com¬ 
plain  about. 

3)  Use  reporting  tools. 

Sifting  through  a  pile  of  events 
only  gets  you  mired  down  in  details 
without  giving  you  much  of  a  big  pic¬ 
ture.  IDS  reports,  which  provide 
summary  information  on  what’s 
going  on  over  a  macro  scale,  such 
as  a  72-hour  period,  are  more  useful. 


false  positives  might  occur. 

Cisco’s  Integrated  Event  Viewer  also 
reported  these  DNS  “attacks”  and  com¬ 
pounded  the  confusion  by  burying  spec¬ 
ific  alarms  two  levels  deep  in  its  interface. 

On  the  plus  side,  all  the  commercial 
IDSs  offer  at  least  a  capsule  description 

See  IDS.  page  64 
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of  each  attack. This  is  actually  the  single¬ 
best  feature  of  all  the  products  we  tested, 
as  it  helps  educate  users  about  what  the 
IDS  sees.  Some  products  also  suggest  res¬ 
olutions  to  the  alarms,  information  on 
events  that  could  lead  to  false  positives, 
and  links  to  fixes  and  additional  data. 


The  Nokia  management  software  offered 
all  these  types  of  information.The  Intrusion 
products  suggested  resolution  for  an  IIS 
attack  is  a  bit  more  terse:  It  simply  asks 
users  to  “verify  that  the  latest  patches  are 
installed  ."Even  so,  any  description  of  an 
attack  can  be  helpful,  especially  for  a  user 
seeing  an  attack  for  the  first  time. 

We  also  noted  a  couple  of  minor  usabil¬ 
ity  annoyances  with  the  IDSs  that  made 
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troubleshooting  more  difficult.  With  the 
commendable  exception  of  OneSecure, 
all  IDSs  display  IP  addresses  and  not  host 
names.  With  only  an  address  and  not  a  do¬ 
main  name  with  which  to  work,  it's  harder 
to  figure  out  where  an  attack  might  be 
coming  from. 

Stealth  Watch  was  especially  irksome  in 
this  regard:  it  makes  prominent  use  of 
addresses  and  only  displays  host  names 
deep  inside  a  second-level  menu. 

Second,  most  IDSs  don't  offer  a  means 
of  grouping  hosts  or  networks  together 
under  some  easily  remembered  nick¬ 
name.  The  exception  is  NFR,  which  let 
user-defined  groups  be  set  up  using  its  N- 
code  programming  language. 

Other  devices  allowed  us  to  query 
groups  of  hosts,  but  not  as  a  single 
object.  Intrusions  SNP  product  let  us  run 
queries  for  a  given  host  or  a  given  sub¬ 
net,  but  it  wouldn’t  run  a  query  on  a 
group  on  noncontiguous  addresses,  even 
if  all  were  on  the  same  subnet. 

Wrapping  up 

Don’t  expect  IDSs  to  be  plug-and-play 
devices.To  be  effective,  they  require  a  lot 
of  tuning,  and  a  fair  amount  of  security 
expertise.They’ll  also  require  willingness 
to  spend  a  lot  of  time  sifting  through 
reports,  at  least  until  the  configuration  is 
tuned  properly  Even  then,  IDSs  will 
require  constant  updating  as  new  attacks 
appear.  IDSs  can  be  lifesavers  and  invalu¬ 
able  educational  tools  —  but  only  for 
those  with  a  lot  of  patience  and  a  willing¬ 
ness  to  learn. 

Newman  is  president  of  Network  Test  in 
Westlake  Village,  Calif.,  an  independent 
benchmarking  and  network  design  con¬ 
sultancy.  He  can  be  reached  at  dnewman 
@networktest.  com.  Snyder  is  a  senior  part¬ 
ner  at  Opus  One  in  Tucson,  Ariz.  He  can  be 
reached  at  joel.snyder@opusl .  com. 

Thayer  is  an  independent  security  consul¬ 
tant  and  co-author  of  the  JETF's  RFCs  on 
the  IPSec  road  map  and  the  OpenPGP 
architecture.  He  can  be  reached  at  rodney 
@tillerman.to. 


Global  Test  Allian 


■  Newman  and  Snyder  are  members 

of  the  Network  World  Global  Test  Alliance,  a 
cooperative  of  the  premier  reviewers  in  the 
network  industry,  each  bringing  to  bear 
years  of  practical  experience  on  every 
review.  For  more  Test  Alliance  information, 
including  what  it  takes  to  become  a  mem¬ 
ber.  go  to  www.nwfusion.com/alliance. 

Other  members:  John  Bass,  Centennial 
Networking  Labs,  North  Carolina  State 
University.  Travis  Berkley,  University  of 
Kansas.  Bob  Currier,  Duke  University. 

Jeffrey  Fritz,  West  Virginia  University.  James 
Gaskin,  Gaskin  Computing  Services.  Thomas 
Henderson,  ExtremeLabs,  Inc.  Miercom,  Inc., 
Christine  Perey.  Perey  Research  & 
Consulting.  Barry  Nance,  Independent 
Consultant.  Thomas  Powell,  PINT. 


Security  Training 

for  every  style  &  budget! 


Security  Training  Tools  at 
Your  Fingertips: 


@ 

VIRTUAL 


Virtual:  Online  Webcasts 
•  Microsoft  Windows  2000  Security 


Web-based:  Online  courses, 
certification  tracks  and  online  learning 

•  Network  Security  1:  Policy 

•  Administration  and  Firewalls 


IANDS-ON 


Hands-on:  Classroom  learning 
with  state-of-the-art  equipment 

•  Cisco  Security  Specialist  Boot  Camp 

•  Foundstone  Ultimate  Web  Hacking 

•  Secure  Communications  and  VPNs 
and  many  more! 


CD-Rom:  Interactive  software  for 
self-study  training  and  certification 

•  Managing  Cisco  Network  Security 

•  Microsoft  Windows  2000  Security 


Books:  Self-paced,  self-study 
training  and  certification 

•  Firewalls:  A  Complete  Guide 

•  Security  in  Computing 

•  Intrustion  Detection 

•  and  many,  many  more! 


NetSmart  is  packed  with  all  the  IT  learning  tools  you  need  to  advance 
your  skills,  build  your  knowledge  and  be  successful.  No  more  tedious 
researching  of  catalogs,  libraries  and  books  for  appropriate  options 
and  programs.  Just  point,  click  and  buy  the  training  that  fits  your 
style  and  budget  at  www.nwnetsmart.com. 

Check  out  our  growing  list  of  preferred  partners: 

Amazon.com,  Boson  Software,  Cisco  Press,  Global  Knowledge, 
Infinity  I/O  and  LearnKey! 


www.nwnetsmart.com 


TESTER’S 

CHOICE 

David 

Newman 


6/24/02 


Time-to-market  products:  Who 


Want  to  see  your  switch  or  router  ven¬ 
dors  squirm?  Ask  how  fast  the“time- 
to-market”  version  of  their  10G 
Ethernet  interfaces  will  run. 

Some  vendors  simply  won’t  know,  be¬ 
cause  they  haven’t  yet  done  performance 


testing.  Others  will  hem  and  haw  because 
they  know  their  interfaces  go  nowhere 
near  line  rate.  A  few  honest  souls  may 
admit  their  first  “10  Gigabit”  products  run 
closer  to  3  or  4  gigabits/sec. 

So  where’s  the  disconnect?  Why  does  the 
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security  possible.  And  F5's  Internet  Control  Architecture, 
with  our  open  iControl'"  platform/ API,  pulls  it  all  together 
within  a  truly  seamless  application-aware  network  that 
leverages  your  investment.  Find  out  why  F5  is  the  leader. 
Visit  www.f5.com  or  call  1 -888-882-44 47 . 


►  CONTROL  YOUR  WORLD 
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marketing  collateral  scream  about  10- 
Gigabit  performance  when  early  versions 
deliver  only  a  fraction  of  that  rate?  And  why 
should  network  professionals  pay  for  a 
given  amount  of  performance  or  any  other 
metric,  and  receive  less  in  return? 

The  answer  lies  in  the  curious  phrase 
“time  to  market."  All  too  often,  this  is  a 
euphemism  for  shipping  products  that 
have  no  business  being  outside  vendors’ 
engineering  labs.  These  products  ship 
because  of  vendors’  fears  that  if  they  don't 
ship  something  —  anything  —  their  com¬ 
petitors  will  beat  them  to  it. 

1  don’t  mean  to  single  out  the  10G  Ether¬ 
net  crowd;  there  are  numerous  other  in¬ 
stances  where  vendors  have  gotten  it  fast 
rather  than  right.  Consider  these  examples: 

•  Enterasys  sells  an  excellent  switch  that 
runs  at  10-Gigabit  rates.The  only  problem  is 
that  the  10-Gigabit  interfaces  are  propri¬ 
etary.  In  its  haste  to  bring  product  to  mar¬ 
ket,  Enterasys  has  forsaken  interoperability 
In  fairness,  Enterasys  does  have  standards- 
based  10-Gigabit  Ethernet  products  in  the 
pipeline. 

•  Cisco’s  time-to-market  version  of  an  OC- 
48  line  card  for  its  flagship  GSR  router  oper¬ 
ated  at  a  top  speed  of  between  30%  and 
40%  of  line  rate. This  was  in  1999  and  Cisco 
long  ago  corrected  the  issue,  but  the  short¬ 
coming  helped  opened  doors  for. .. 

•  ...archrival  Juniper  Networks,  which 
shipped  a  time-to-market  OC-192  line  card 
in  spring  2000.  The  card  had  four  internal 
paths,  which  caused  it  to  reorder  packets 
under  heavy  loads.  Whether  reordering  is 
significant  has  been  the  subject  of  a  lot  of 
debate,  but  it’s  a  topic  Juniper  could  have 
avoided  altogether.  Juniper  recently 
shipped  a  newer  OC-192  card  that  doesn’t 
reorder  packets. 

Vendors  could  avoid  these  problems  by 
shipping  products  that  do  what  they’re  sup¬ 
posed  to  do.  Alas,  it’s  not  realistic  to  expect 
good  behavior  when  there’s  money  on  the 
table.  Instead,  here  are  three  simple  steps 
you  can  take  to  help  protect  your  interests: 

Get  what  you  pay  for.  Buying  a  widget 
that  supposedly  offers  10  “dooflingies”  of 
capacity?  Ask  the  vendor  to  prove  you  get 
all  10. 

Test,  test,  test.  Don’t  take  a  vendor’s 
claims  at  face  value. Vendor-commissioned 
“independent”  tests  always  seem  to  prove 
that  vendor’s  widget  works  best.  Run  your 
own  evaluations  or  look  to  truly  indepen¬ 
dent  benchmarks. 

Get  a  road  map.  If  a  vendor  with  a  time-to- 
market  product  promises  a  better  product 
“real  soon  now?  get  a  promise  of  when  that 
product  will  be  available  and  defer  the  pur¬ 
chase  until  then. 

It’s  your  money  vendors  compete  for. 
Whatever  the  claims  on  vendors’  data 
sheets,  don't  settle  for  anything  less  than 
what  you  need  for  your  network. 

Newman  is  president  of  Network  Test  in 
Westlake  Village,  Calif,  an  independent 
benchmarking  and  network  design  consul¬ 
tancy.  He  can  be  reached  at  dnewman@net 
worktest.com. 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 
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Juggling  resources 

IT  executives  let  business  value  drive  decisions  for  managing  short-term  needs 
and  long-term  strategy. 


■  BY  SUZANNE  GASPAR 

Dow  Chemical’s  2001  merger  with  Union 
Carbide  ate  up  IT  resources  that  were  shifted 
to  support  the  transition  and  that  stalled 
progress  on  other  projects.  It  was  a  matter  of 
aligning  corporate  business  strategy  and 


spending  by  3%, despite  the  company’s  focus 
on  the  business  value  of  technology  invest¬ 
ments.  Scrutinizing,  prioritizing  and  modify¬ 
ing  delivery  dates  and  schedules  of  technol¬ 
ogy  investments  has  become  the  norm, 
Lehrmann  says. 

Balancing  IT  expenditures  is  a  juggling  act 
between  current  costs  and  future  spending. 
However,  a  company’s  strategic  plan  for  IT 
helps  decide  when  and  where  to  spend. 
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of  his  IT  budget 

to  cover  integration  costs 
after  his  company  merged 
with  Union  Carbide. 


benefits,  as  DuFbnt  learned  in  February  when 
it  announced  it’s  plans  to  spin  off  23%  of  the 
company  —  22,000  employees  —  into  the 
DuFbnt  Textiles  &  Interiors  subsidiary 
Initial  strategies  for  securely  partitioning 
the  telecom  network  were  drawn  so  that 
applications  could  get  parsed  out  and  repli¬ 
cated  based  on  the  new  company’s  service 
needs.  But  the  split  also  slashed  technology 
consumption  levels,  which  raised  previously 
shared  operating  costs  that  are  charged  to 
each  department,  forcing  IT  to  re-evaluate 
technology  goals  and  allocations.  Add¬ 
itionally  150  of  DuPont’s  1,000  IT  pros  will 
move  over  to  support  the  new  subsidiary,  which  is  ex¬ 
pected  to  branch  off  by  Jan.  1 . 

Still, the  business  move  will  let  IT  accelerate  the  pace  of 
its  long-term  goal  for  moving  to  SAP  4.6,  says  Diane 
Strickler,  director  of  technology  integration  for  the 
Wilmington,  Del.,  chemicals  and  materials  manufactur¬ 
ing  company. 

The  magnitude  of  work  required  for  creating  a  separate 
SAP  environment  to  support  the  new  business  unit  justified 
upgrading  to  the  next  version. “Accomplishing  two  objec¬ 
tives  at  once  ensures  that  IT  gets  the  maximum  value  out  of 
what  it’s  doing,”  Strickler  says. 

But  Gerald  Shields,  vice  president  of  insurer  AFLAC  in 
Columbus,  Ga.,  discovered  that  immediate  needs  could 
conflict  with  long-term  projects.  A  new  FteopleSoft  system 
could  be  months  away  from  completion,  yet  new  reports 
are  needed  today  that  require  modifications  made  to  the 
payroll  system, Shields  says.’That  happens  every  day  where 
you  have  a  system  coming  in,  but  it’s  six  months  out,  and 
you  have  to  spend  money  to  go  into  today’s  system  and 
make  changes.” 

Project  pipelines  can  help  govern  the  decision  for  IT 
investments,  Lehrmann  says.  Dow  Chemical’s  project 
process  allocates  an  increasing  percentage  of  time  for 
three  separate  stages  of  researching  a  potential  IT  invest¬ 
ment.  Passing  the  third  stage  defines  a  commitment  to  the 
project. 

“We  look  at  the  risk  associated  with  the  economic  viabil¬ 
ity  of  the  particular  investment  opportunity  he  says. 

Strickler  recommends  letting  the  business  heads  make 
the  tough  calls  for  prioritizing  the  to-do  and  wish  lists, 
thus  letting  IT  stay  focused  on  the  technology.  “Anytime 
you  can  have  the  business  making  those  choices,  the  bet¬ 
ter  off, because  invariably  its  going  to  make  someone  dis¬ 
satisfied.  Better  if  they  understand  that  it  was  a  corporate 
strategic  decision  that  was  made,  not  an  arbitrary  deci¬ 
sion  made  by  IT,”  she  says. 

Understanding  the  return  on  investment  is  more  impor¬ 
tant  than  cutting  costs  for  Fannie  Mae.“If  you  can’t  answer 
the  question  about  the  business  value,  whether  you  save 
money  or  not  becomes  less  important,”  Pugh  says.  ■ 
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DWIGHT  CENOROWSJO 


You  asked  for  a  KVM  switch  that  could  do  more.  We  delivered. 

The  Avocent  DS  Series  combines  analog  and  KVM  over  IP™  connectivity  to  give  you 
access  to  your  servers  from  any  location  you  choose.  Our  DS  Series  gives  you  much 
more  than  just  control  of  your  servers.  Now  you  can  use  the  power  of  IP  to  control 
servers,  routers,  firewalls  and  power  devices  -  all  from  a  single  screen!  Plus,  CAT  5 
connections  simplify  installation,  and  our  IP  architecture  makes  adding  servers  as 
easy  as  point  and  click. 

To  learn  how  Avocent  can  deliver  for  you,  download  a  free  KVM  Tech 
ojjde  today  at  www.kvmguide.com  and  see  how  much  more  Avocent's 

DS  Series  can  do. 

Aru: ■-■•t  logo,' "The  Rawer  of  Being  There",  "KVM  over  IP”  and  DSView  are  trademarte  of  Avocent  Corporation.  All  other  marks  are 

Vv  ot  iben  respective  (wnms.  Copyright  V  2002  Avocent  Corporation. 


DSView  gives  you  "Click  and  Connect" 
access  and  control  of  all  the  KVM  and  serial 
devices  in  your  data  center. 


Avocent. 


The  Power  of  Being  There  m 


The  Hub  of  the  Network  Buy 
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2001 
KVM  Access 
over  IP 


1999 
KVM  Access 
over  Cat5 
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KVM  Access 
Over 

Web  Browser 


If  having  remote  access  to 
your  servers  over  IP  means 
installing  proprietary  software 
or  PCI  cards,  that's  not 
convenient,  anywhere,  anytime 
access.  Introducing  the  new, 
multi-port  TeleReach  . 

TeleReach  is  the  easiest,  most 
secure  way  for  one  or  more 
users  to  remotely  access  and 
manage  multiple  servers 
through  a  KVM  switch,  from 
any  PC  running  the  Internet 
Explorer®  4.0  browser. 

To  see  and  feel  the  power  of 
remote  KVM  access  over  Web 
browser,  call  Raritan  Sales  at 
(800)  724-8090  to  sign  up 
for  a  live  demo  from  your 
own  desktop. 
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aritari: 

raritan.com 


Raritan  and  TeleReach  are 


800-724-8090 
732-764-8886 
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Intelligent  KVM  Switch  Technology 
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Explorer  Is  a  registered  trademark  of  the  Microsoft  Corporation 


READY 


"The  Cydades-TS  Series  of  Console  Access  Servers  provides  the  highest  port  density 
and  security  at  a  very  competitive  price.  By  using  Linux  as  the  embedded  OS,  it 
offers  the  flexibility  required  to  manage  our  dynamic  environment. 

The  Cydades-TS  is  a  key  element  to  help  us  keep  our  servers  up  and  running." 

-  Pete  Kumler,  Manager  of  Site  Operations,  Yahoo!  Inc. 


Cydades-TS  Series  Console  Access 

•  1/4/8/16/32/48  RS-232  ports  on  111  of  rack  space 

•  First  Linux-based  Terminal  Server  in  the  market 

•  IP  Filtering,  RADIUS,  and  Secure  Shell  (SSHv2) 

•  Linux,  FreeBSD,  Sun,  HR  and  IBM  compatible 

•  No  unintentional  breaks  (Sun)  rWl  L,NUX 


RequIst  fehywfiBE  CAS  booklet  at  www.cydadi 
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www.cyclades.com 

0®®  ®  1-888-CYCLADES  1-888-252-5233 
ThelinAuxR  ,n  510-770-9727 

Connectivity  sales@cydades.com 

Fremont,  CA 
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Sun™,  Cisco™, 


Try  SharkRacks™.  Our  rack-mount  units  will 
safely  house  virtually  any  19”  EIA  standard  unit. 
Have  Suns?  No  problem.  What  about  Cisco  gear, 
or  Compaq,  or  HP  servers?  Sure.  We  can  rack 
that.  With  SharkRack  you  get  a  great  looking 
cabinet.  Our  space  savings  and  cabling  features 
will  organize  your  systems.  Most  importantly,  with 
our  NetBotz  unit  watching  over  your  systems, 
you’ll  always  know  what’s  going  on.  Call  us  today 
or  log  on  for  more  details  to  see  how  we  can  help 
you  save  space,  keep  cool,  and  look  good. 


vSHARK  877-427-5722 
IrAvK  www.sharkrack.com 


Wondering  How  To  Get  More 
Out  Of  Your  Data  Center? 
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SharkRack™ 
Systems  are  the 
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Compaq™,  HP™ 
and  almost  any 
19”  EIA  standard 
unit.  Our  current 
Sun™  rack-mount 
kits  include: 

•  SunFire™  3800- 
4800  series 
servers 

•  E3500,  E4500 

•  A5000 

•  T-3 

•  Many  more, 
see  web  site 
for  details 


The  SharkRack  LCD  monitor  and 
keyboard  has  TFT  quality  video 
imaging  on  a  sliding  tray  that  is 
only  1.75”  high. 
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The  NetBotz™  RackBotz  unit 
installs  in  a  cabinet  and  monitors 
internal  conditions.  If  a  problem 
occurs,  it  will  send  out  an  alert  by 
email,  pager,  or  other  device. 


Copyright  SharkRack,  Inc.  SharkRack  is  a  trademark  of  SharkRack  Inc,  All  rights  reserved  NetBotz  is  a  trademark  of  RackBotz  Inc.  HP  is  a  trademark  of  Hewlett  Packard,  Inc.  Compaq  is 
a  trademark  of  Compaq  Corp.  Sun  is  a  trademark  of  Sun  Microsystems,  Inc..  Cisco  is  a  trademark  of  Cisco  Systems,  Inc.  All  other  trademarks  are  the  property  of  their  respective  holders. 


phone:  (403)  291-4444 


www.evansonline.com 


fax  (403)  250-6549 


email:  info@evansonline.com 


Great  Room  Service. 


Evans  brings  together  the  finest  in  control  center 
design  services,  consoles,  audiovisual  solutions  and 
specialty  products  to  guarantee  a  complete,  integrated 
and  customer-focused  solution. 


EX/zXI^nIS  first. 


With  over  4,500  successful  projects,  Evans  is  the  world¬ 
wide  leader  in  control  centers. 


Eliminate  Dangerous 
Hot  Spots  in  Your  Racks 


Introducing  APC's  New  NetworkAIR™  RM  Air  Distribution  Unit 


Visit  www.apc.com  to  see  APC's  complete  line  of  award-winning  power 
and  cooling  solutions. 


Benefits  of  APC's  Air  Distribution  Unit: 


As  heat  densities  continue  to  grow  at  an  alarming  rate,  the  traditional 
methods  of  distributing  air  in  a  computer  room  aren't  adequate  to  deliver 
the  necessary  airflow  required  to  cool  today's  data  center  environments. 


APC  presents  the  NetworkAIR  RM  Air  Distribution  Unit,  a  compact 
2U  rack-mounted  fan  unit  that  works  with  an  existing  precision  air 
conditioning  system  to  deliver  cool  air  to  the  equipment  contained  in 
a  rack  enclosure.  An  air  curtain  is  evenly  distributed  to  the  front  of  the 
enclosure  which  provides  consistent  temperatures  from  top  to  bottom. 


•  Increases  airflow  to  rack  equipment 


•  Works  in  both  raised  floor  and  non-raised  floor  environments 


•  Compact  2U  design 


•  Minimizes  air  mixing 


•  Helps  maintain  optimal  environment  for  high  reliability 


•  Improves  air  quality  through  30%  efficient  air  filtration 

(as  per  the  ASHRAE  52.1-1992  standard) 


•  Evenly  distributes  cool  air,  improving  air  circulation 
inside  the  rack 

•  Ensures  maximum  uptime  with  redundant,  dual,  independ¬ 
ently  controlled  blower  fans  and  A-B  power  input  feeds 

•  Fits  APC's  NetShelter®  VX  enclosure  or  other  19" 
EIA-310-D  enclosures  with  removable  bottom  plates 


The  compact  (2U)  Air 
Distribution  Unit  installs 
at  the  bottom  of  the  enclosure  and  sup¬ 
plies  an  air  curtain  to  the  intakes  of  equip¬ 
ment  located  within  the  enclosure,  evenly 
distributing  cool  conditioned  air  throughout. 


Visit  APC  at  PCExpo/TechX  booth 


#3032 


Legendary  Reliability  ' 


Enter  to  WIN  a  FREE  NetworkAIR™  RM  Air  Distribution  Unit 

Visit  APC's  Web  site  at:  http://promO.  ape.  com  Enter  Key  Code  f532y  Call  888-289-APCC  x6434  Fax  401 -788-2797 

©2002  American  Power  Conversion.  All  Trademarks  are  the  property  of  their  owners.  NA2A2BPU5a 
PowerFax:  (800)  347-FAXX  •  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA 
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There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 
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OBSERVER 

S  Ul  T  E 


Quickly  Pinpoint,  Pre-solve  & 
Prevent  Network  Problems 
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Observer 
$ 995 


Expert 
Observer 
$ 2895 


Observer 

Suite 

$3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot"  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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Your  network  costs  a  fortune... 


NEW 

LOWER 

DDirPQI 


72"  Workstation 

$799 

Stk.  #  C95033 


protecting  it  doesn't  have  to, 

Global  LAN  Furniture 
protects  your  equipment 
for  a  lot  less  money. 


Our  heavy-duty  LAN  Furniture  is  built  to 
last  with  steel-reinforced,  triple-leg  support 
and  lateral  braces.  Built-in  cable  management 
system  hides  unsightly  wires  and  organizes 
and  separates  cables.  Deep  30"  work 
surface,  adjustable  shelves  and  sturdy  server 
shelf  allow  for  easy  integration  of  all  your 
network  equipment,  providing  a  complete 
storage  solution.  Our  96",  72",  48"  and  24" 
wide  units  combine  with  additional  shelves, 
keyboard  drawers  and  casters  for  unmatched 
flexibility  to  meet  your  changing  needs. 


SAVE  A  TON  OF  MONEY 
ON  YOUR  NEXT 
MEDIA  PURCHASE! 
Check  out  our  prices  today! 


24"  Workstation 

$299 

Stk.  #  C20803 


*47 


99 


\ 


GLOBAL 


COMPUTER  a  Systemax 


company 


CALL  1 -8OO-8-GLOBAL 

or  visit  us  online  for  the  LAN  solution  that  is  right  for  you. 

www.globalcomputer.com/go/mag/lan  Ret  #nw6/02 


Server  Management 


LOW 


COST 


SINGLE  USER 


COAX 


- 


away 


Vista™ 

Low  cost  single-user  KVM  switch 
Supports  up  to  64  computers 

,'S  PaSSSj? 


ViewLink™  ..  |  j 

Extends  KVMs  up  to  250  feet 
using  coax  cable 


. 

|  i 

■*SI 


UltraView  Pro™ 

Professional  single-user  KVM  switch 
Supports  up  to  256  computers 


TWISTED  PAIR 


Extends  your  KVM  station  up  to  1,000 
from  your  computer  using  a  CAT-5  cabl 


MULTI-USER  FIXED  CHASSIS 


KVM  RACK  DRAWER 

RackView™ 

Rack  mounted  1U  or  2U  KVM  drawer 
with  optional  KVM  switch 


KVM  SHARING 

Multistation™ 

Up  to  four  KVMs  to  one  computer 
Fully  automatic  KVM  sharing 


jj 

VIDEO  DISTRIBUTION 


CONTROL  IT 

SECURE  IT 

MANAGE  IT 

FROM  ANYWHERE 


ROSE  ELECTRONICS  KVM  switches  allow  single 
or  multiple  workstations  to  have  local  or  remote 
access  to  multiple  computers  located  in  server 
rooms  or  on  the  desktop. 

ROSE  is  a  leading  KVM  switch  manufacturer  with 
the  most  complete  range  of  server  management 
products.  A  KVM  industry  pioneer,  Rose  is  known  for 
its  technically  superior  and  price  competitive 
products. 

From  simple  access  to  complex  configurations, 

Rose  provides  easy  server  management  solutions. 

Call  ROSE  today. 


UltraMatrix™  E-series 
Professional  multi-user  KVM  switch 
2  -  4  KVM  stations  to  1,000  computers 


UltraLink™ 

KVM  digital  remote  access 
over  Ethernet  or  modem 


VideoSplitter™ 

One  or  two  computers 
to  multiple  monitors 


■  Connect  to  remote  computer  over  Ethernet  or  dial-up 

■  Local  KVM  port  to  access  computers  at  UltraLink 
unit 

■  Modem  port  with  dial-back  security 

■  Up  to  1280x1024  resolution,  supports  all  platforms 


MULTI-USER  EXPANDABLE  CHASSIS 

UltraMatrix™  X-series 

Enterprise  class  multi-user  KVM  switch 

4  -  250  KVM  stations  to  1,000  computers 


■  Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

■  Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

■  Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 


CONVERTER 

Translator™ 

Keyboard  mouse  converter  for  Sun, 

Apple,  DEC  Alpha,  or  SGI  Onyx  KVM  converters 


SSL  security  and  passwords  prevents  unauthorized 
access 


ROSE  ELECTRONICS 
10707  Stancliff  Rd. 
Houston,  Texas  77099 


800-333-9343  281  -933-7673 


JM,  ROS 

\T«^electronics 


CANADA  .  ENGLAND  .  GERMANY  .  FRANCE  .  BENELUX  .  AUSTRALIA  .  SINGAPORE 


WWW.ROS 


The  Hub  of  the  Network  Buy 


Fault  Tolerant  Modem  (FTM) 


Delux 


Password/Dial  Back  Modem  (SRM) 


•  Remotely  Configurable 

•  AC  and  -48V  DC  Power  Options 

•  Internal  Filtered  and  Surge  Protected  Power  Supply 

•  Powers  Up  to  Specified  Answer  Rings  and  Baud  Rate 

•  Standard  “AT”  33.6  Kbps  Modem 


Local  RS232  Console  Port  33.6  Kbps  Modem 


•  Up  to  1 00  Individual  Passwords 

•  Audit  Trail  Log  with  Time/Date  Stamp 

•  Remotely  Configurable 

•  Standard  “AT”  33.6  Kbps  Modem 

•  19”  or  23”  Rack  Options  NEBS  Approved 


□ 

□ _ WWW.Wti.com _ (800)  854-7226 

western  telematic  incorporated  Keeping  the  Net.. .Working! 

5  Sterling  •  Irvine  •  California  •  92618-2517 


CyberArmor  Suite 

from  InfoExpress 
www.cyberarmor.com 

©  2001  InfoExpress.  Inc.  All  rights  reserved. 
CyberArmor  is  a  registered  trademark  of  InfoExpress. 


program  execution  acc¬ 
ording  to  your  corp¬ 
orate  security  policy. 
CyberArmor  continu¬ 
ously  selects  the  best 
policy  for  the  current 
environment  and  is  VPN 
aware. 

To  learn  more,  visit 
www.cyberarmor.com 
or  contact  us  at 
info@cyberarmor.com. 


Protect  remote  access 
VPN  and  dial-up  users 
from  trojans,  hackers, 
and  application  exploits 
with  CyberArmor,  the 
award  winning  personal 
firewall. 


Built  for  the  enterprise, 

CyberArmor  is  scalable 
with  centralized  manag- 

keep  the  ment' au,orna,,c  down-  from  your 

loads,  and  transparent  _  ___ 

black  hats VPN  users 

CyberArmor  screens 
network  traffic  and 


Security 


from  Global 


Technology  Associates,  Snc 


$ 


ICSA  Certified 

Box 

System  Software 

Features  include: 

•  High  Performance 

•  Built-in  IPsec  VPN 

•  Stateful  Packet  Inspection 

•  Dynamic  &  Static  NAT 

•  PPP  and  PPPoE  Support 

•  DHCP  Services 

•  DNS  Server 

•  Mobile  VPN  Client  Support 

•  High  Availably  Option 

•  Content  Filtering 

•  Gigabit  Ethernet 

•  Secure  Remote  Management 

•  Email  Proxy 

•  Alarm  Notification 
•Time  Base  Access  Control 


Firewall  Appliances 


GB-1000  Firewall/VPN  Appliance 


High  performance, firewall  with 
unlimited  user  licenses,  transparent 
NAT,  stateful  packet  inspection,  built- 
in  IPSec  VPN,  four  10/100  Ethernet 
interfaces,  DCHP  server,  DNS  server, 
secure  remote  management  and 
content  filtering  in  a  1 RU  case.  High 
Availability,  gigabyte  Ethernet  and 
additional  interfaces  are  optional. 


L 

L. 

**••*  Cm* 

BoX  Htewall 

RoBoX  Firewall 

Remote/branch  office  firewall  for  up  to  25 
concurrent  outgoing  users.  Features  include 
transparent  NAT,  stateful  packet  inspection, 
built-in  IPSec  VPN,  content  filtering  and  three 
1 0/1 00  fully  configurable  Ethernet 
connections  packed  in  a  6" square  case. 

Big  security  for  small  offices! 


Firewall  Software  Systems 


GB-Flash 

All  the  power  of  the  ICSA  certified  GNAT  Box  system 
software  on  an  easy  to  install,  solid-state  flash 
memory  module  that  plugs  into  the  system 
motherboard.  Features  include  transparent  NAT, 
stateful  packet  inspection,  built-in  IPSec  VPN,  DCHP 
server,  DNS  server,  secure  remote 
management  and  content  filtering. 


GNAT  Box  Pro 

Simple,  powerful  ICSA  certified  firewall  solution.  It 
runs  and  boots  from  a  floppy,  requiring  only  a  486 
CPU  and  16MB  memory.  Features  include  built-in 
IPSec  VPN,  secure  remote  management  and  support 
for  hundreds  of  network  cards  including  gigabyte 
Ethernet. 


Sales:  (800)  775-4GTA 
Tel:  (407)  380-0220 
Email:  info@gta.com 
Web:  http://www.gta.com 


«\.es,  lnc 


Global 

^Technology 
f  Associates,  Inc. 
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How  do  you  reboot  l6 

equipment  units... 


using  Zero  U 

of  rack  space? 


D  Sentry  POWER  TOWER  :  Your  Zero  U  Reboot  Solution 


3. 


;  Install  the  new  Sentry  Power  Tower  In 
:  your  data  center,  NOC  or  co-to  facility 
and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

;  Try  the  New  Sentry  Power  Tower  in  your 
rack  or  cabinet  and  realize  the  benefits 
of  Intelligent  Power  Distribution  and 
Remote  Power  Management 

See  our  complete  product  line  at  wwwsenrertech.com 
or  call  800835.151$  or  775.rt4.aooo 


it  -emourty  addressable  power  outlets  - 
The  highest  density  available  of  any 
Remote  Power  Management  vertical  strip. 
30-amp  power  input  feed  distributed 
across  16  outlets. 

Mounts  vertically  In  your  equipment  rack  or 
cabinet  and  requires  Zero  U  or  rack  space. 
Load  Sense  provides  real  time  current 
monitoring  in  the  remote  screen  interface 
and  through  a  built-in  LED  display  for  on¬ 
site  measurement. 

Power-up  sequencing  of  all  16  outlets 
prevents  an  In  rush  current  overload. 
Telnet.  SNMP,  Modem  or  RS-232  interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
internetworking  equipment. 


tj - — 


02001  SenraTsrhnokmliK.SenlnrbatratlMMrkofSanwltKAnofogyiric. 


MM 


This  is  the  way  to  learn! 

Recognized  for  technical  accuracy,  our  dynamic  courseware  lets  you  engage  with, 
relate  to  and  learn  from  experts  right  at  your  desktop. 


•  Engaging  presentation 

•  Motivating  instruction 

•  Accurate  information 

•  Practical  and  proven  -  a  99%  pass  rate! 

•  Convenient  and  affordable 

Take  advantage  of  the  special  offers  below 
and  find  out  why  this  is  the  way  to  learn! 


LearnKey  Trai 


Special  savings*  on  these  great  titles: 

15  Sessions  $  795  req.si.oas 


MM 


Win  2000  MCSA  Core  Series  _  ,  _  — 

Win  2000  MCSA  Plus  Series  iw>thA+ 6 Networks)  27  Sessions  $1,415  req.s1.92s 

Windows  2000  Core  Series  *"* — : —  *  °“c  . 

Windows  XP  Professional 
Office  XP  Professional  Series 
Office  2000  Professional  Series 


19  Sessions  $  995  rug.  Jl  ,355 

6  Sessions  $  370  req.  S  495 

15  Sessions  $  585  req  s  785 

18  Sessions  $  675  req  S895 


# 


leamKcv 

NETWORK  •  ONLINE  •  CD-ROM  •  VIDEO 

M  I  c  r  •  s  •  1 1  *  •  C  •  m  p  T  I  A  ”  •  Novell*  •  Cisco*  •  letei*  •  A  Aoko"  •  Ue»i  •  CIW 

Learn  From 

1.800.865.0165  •  AvailableONLYatlearnkey.com/networld  The  Experts" 

©  7001  U*r*K*y,  Im.  IK042402  ‘Umlled  tin*  *H*t,  10»*  r*>trlcltoei  P»k*i  11*0*4  *r*  Hr  Sl«|l*-U«*rs  PU*i*  Mil  tor  ■•IH-Umi  prUlng  1 


SENSAPHONE® 

IMB-4DDD 


Sends 


Monitors 


Embedded 


Sends 


Power 


Internal 


Power 

Control 

Interface 


Ethernet 

Port 


Modem 
&  Pager  Port 


(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 
»  Remote  power  control 

«  Optional  camera 

BMfli 


- 

\  wwW.ims— 4000.  com 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


If  you're  responsible  for  safeguarding  your 
organization’s  intellectual  assets  and  enterprise 
networks,  SilentRunner  is  your  next  step  in 
security  technology.  Our  patented  Network 
Security  Analysis  products  provide  you  the  abil¬ 
ity  to  cost-effectively  safeguard  your  electronic- 
property  by  correlating  remote  and  internal 
communications  and  data  into  critical  decision¬ 
making  information. 

SilentRunner  s  state-of-the-art  visualization 
technology  further  empowers  organizations  to 
solve  complex  problems  by  expediting  network 
security  and  network  management  decision¬ 
making  efforts. 


Information  Rules.  Protect  Yours. 
For  your  free  "Risk  Management 
&  Security"  White  Paper,  visit 
w  wxv  .silentrunner.com,  or  call 
800-842-2366  ext  2  today. 


SilentRunner 

www.silentrunner.com 

tH9  Imcrruiiunal  Drive  •  Unifucuni.  Mil  21091)  •  H009H2  2.V16 


Dial  Access  Solutions 


PCI  Multi-modem  Adapters 


Provide  4  or  8  V.90/V.34  data  and  fax  modems 
in  one  easily-installed  easily-configured  adapter. 


4  and  8-port  adapters 


Scalable  to  32  ports  per  server 


Lowest  CPU  utilization 


Installs  in  minutes 


Requires  no  interrupts 


Compare  for  yourself! 

Dial  Access  at  its  best! 


Equinox  Multi-modem  Adapters 
provide  up  to  44%  savings  over  the 


Fax  server 
Dial  access 
Data  collection 
Modem  pooling 
Internet  access 


leading  competitors  of  similar  products 


fry  before  you  buy! 


Call  1-800-275-3500,  ext.  615 
for  a  FREE  30-day  evaluation! 


or  email:  sales@equinox.com 


For  more  infomation  on  Equinox  products  visit  our  website  at  -  www.equinox.com 


an  Avocent  Company 


Cisco  Pouter 
and  Switch  Poster 


Cisco 


Routers 

Switches 

Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-glance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 

www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


Instantly  Search  Gigabytes  of  Text 


dtSearch* 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of 
the  level  of  intelligence  H  displays"  —  PC  Al  *.  '*• 

"Very  powerful  ...  a  staggering  number  of  ways 
to  search"  —  Windows  Magazine  _  f  ® 

.1*14  C/n^bu>L 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 


Fast  precision  searching 

♦  over  two  dozen  text  search 
options 

♦ indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦  converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1 -800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Desktop 

Find  anything, 
anywhere, 
instantly  ♦  $199 


Spider  and  search 
Web  sites  ♦  induded 
with  all  products 


Network 

Search  the  many 
forms  of  data  that 
exist  across  a  large 
enterprise  network 

♦  from  $800 


Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

♦  from  $ 999 


Add  instant 
searching  to  your 
site  ♦  5999  per  server 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 


WHAT  DO.. 


^  Princeton  University 

— 

■ 

f  The  US  Treasury  Department 

a  The  Democratic  National  Committee 

m-'/sw 

^  Blue  Cross  Blue  Shield 

•■■v  i  /a  1 
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have  in  common? 


They  all  chose  FAST  LINKS  to  handle 
their  needs  for  wireless  WAN  connectivity. 


Call  FASTLINKS  today 
and  see  what  sets  them  apart 
from  others  in  the  field  of 
wireless  integration.  * 


TMT 


www.wirelesswans.com 
(877)  877-0176  toll  free 


FAST  LINKS 


I 

t 


1 7  TFT  lURACK  MOUNT  DISPLAYS 


With 


Adjustable  length  ball 
bearing  slides. 

Also  in  black  and  with 
locking  front  panels. 
Made  in  the  USA. 


1-800-729-7654 

Web:  www.recortec.com 
Email:  sales@recortec.com 


17”  Display  Only 


RECORTEC,  INC. 

1 620  Berryessa  Road  San  Jose,  Ca  95133 
Tel:  (408)  928-1 480  Fax:  (408)  729-3661 


Looking  ^4^ 
for  Solutions? 


With 

Network  Work 

Brodlfct  Find 

Si UGan  finlml 


Pjgjfduct  Finder,  V 
located  on  Network  \ 
World  Fusion,  allows  you  \ 
to  search  for  products  and  \ 
services  by  technology.  Ven¬ 
dor  listings  appear  with  a 
product/service  description 
and  include  a  link  to  each 
vendor's  website.  Solutions  in 
one  convenient  site. 


w.nwfusion.com/productcentral  ‘ 


Seeking  Solutions  ...NTI  Has  The  Answers! 

MULTI-USER 
SERVER 
CONTROL 
IS  EASY! 

Control  from  two  computers 
to  hundreds  of  servers  - 

NTI  has  the  innovative  KVM 
solution  for  you. 


“I  want  flexible  control 
without  spending 
a  fortune!” 


I  Users  individually  command  or 
simultaneously  share  up  to  512 
computers. 

I  Available  with  2,  4,  or  8  user  ports. 

I  Dedicated  internal 
microprocessors  that  emulate  the 
keyboard  and  mouse 
presence  to  each  attached 
computer  so  all  computers  boot 
error-free  100%  of  the  time. 

I  Crisp  and  clear  1900x1200 
resolution. 

I  Compatible  w/all  PCs,  SUNs  & 
MACs. 


1275  Danner  Drive  •  Aurora,  OH  44202 
330-562-7070  •  FAX:  330-562-1999 

BUY  ONLINE  at  www.ntil.com/sn 
Email:  sales@nti1.com 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


Boson  Training  ^ 

(813)  925-0700 
I  www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


Learnkey  Inc.  ^ 

(800)  865-0165 
I  www.learnkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


PMG  NetAnalyst 

(800)  645-8486 
I  www.NetworkTraining.com 
|  Network  Forensic  Analysis  and 
Security  Training  and  Services 


NETS 

(800)  828-2050 
|  www.wavetech.com 
IT  Certification  Boot  Camps  with 
I  Guaranteed  Success 


Infinity  I/O 

j  (800)  990-0955 
|  www.infinityio.com 
Fibre  Channel  &  SAN  Training 
I  &  Certification 


George  Washington  Univ 

(202)  973-1175 
[  www.cpd.gwu.com 
Oracle  DBA  Cisco  CCNA  Java 
wireless  networks 


i’j  Jii'jf  ibijjjj  jJj/j 
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^  NetWOrkWorid  NetSmart  Learning  Partner 


The  Hub  of  the  Hetwork  Buy 


MarketPI 


LIQUIDATION  OF  100r000  SQ.  FT.  VOICE  OVER  DSL  FACILITY 


10:00AM,  FRIDAY,  JUNE  28  •  SAN  JOSE 
INSPECTION  &  SALE  SITE:  5400  HELLYER  AVE.,  SAN  JOSE.CA 

INSPECTION:  Thursday,  June  27,  9am  -  5pm  &  Friday,  June  28,  9am  -  12noon 

Bid  Live  On-Site  Or  Bid  Via  Your  PC! 


MULTI-MILLION  DOLLAR  VALUATION! 


Telecomm  Test  Equipment  •  Bulk  Call  Generators 
•  Servers  •  Networking  •  Telecomm  Servers  • 
Notebooks  &  PC's  •  Monitors  •  Printers  • 
Office  Furniture  &  Business  Machines 


A  _  SEE  OUR  WEBSITE  FOR  MORE  INFORMATION  &  PRELIMINARY  EQUIPMENT  LIST: 

CowanAlexander,  llc  ^  «i  i 

QQQ  Q7i-  cnin  www.CowanAlexander.com 

OOOmO /  J-jULLF  OFFICES:  LOS  ANGELES  •  PORTLAND  •  AUSTIN  •  SAN  FRANCISCO 


For  tv>o re  information 
on  ac/s/ertisin^  In 
^ctworfc  Worlds  Marffet^(ace 
contact;  Br)t cu  Go^ale? 
800-&1X-1108  ext.  6Y65, 
e^of>a!eSnww«coivi 


WRC 


NEW 


NET 

800-699-972 2 

»  USED 


Wort0«w»»  PrevMw  or  NoNnxt  Hvom  •> 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 

800-699-9722 


FIBER  OPTIC 
SOLUTIONS 

•  T1/E1  &T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS/400  Twinax,  and 
RS/6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO  -  9001 

s.i.TECH 

Toll  Free  866-SITech-1 
630-761-3640,  fax  630-761-3644 

www.sitech-bitdriver.com 


New  &  Used 

■ 

Fully  Guaranteed 

0  HB 

Overnight  Delivery 

We 


Sell 


CISCO 


800.451.3407 


•  Drive  Suite  110.  Santa  Barbara.  CA  93117 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.nGtworkhardwarG.com 

BUY  ONLINE 
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NETWORK  HARDWARE  RGSALG 


V:;/  View  Cart 


fY  Clear  Cart 


FACTORY  DIRECT 
FIBER  OPTIC  PRODUCTS 

Jumpers,  Pigtails,  Termination  Boxes, 
Preconnectorized  Backbone  Cable, 
Mode  Conditioning  Cables, 
Ethernet  Converters  and  Switches, 
CAT5  Products,  Photonic  Devices 

www.fiberdyne.com 

/Ifiberdyne  LABS,  INC. 

l-(800)  894-9694 
(315)  895-8470 
Fax  (315)  895-8436 


Products 
pur  chased  as 

a, result  of 


Mar kjetplace  cuts, 


products 

* 

v  Ethernet 
Cards 

S  Netware 
products 
S  Modems 
S  Testing 
equipment 
S  Multiplexers 
S  File  Servers 
*$  edt.  ■: .  l 
d  wfc. 
wJc. 


Smartronix  _ 

PDA  Based! 


Network 
Test  Tool 

*699 

10/100  Ethernet  LAN  Tester 


Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 


(Palm  handheld 
included) 


►  Displays  network  utilization,  packets 
&  statistics 

►  Captures  81  generates  various  error 
packets 

►  Network  load  testing  function 

►  Full  auto  negotiation  half/full  duplex 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


LIQUIDATION  !!;  New,  Refurb,  Used. 

BAY/NORTEL  NETWORKS,  XYLOGICS, 
LUCENT/AVAYA 

$  90  %  Off  List  Price  Guarantee 
$  Over  2000  items  in  stock 
$  Same  Day  Shipping  _ 

at  no  extra  cost  $  Baystack  asn  base  unit  32m  (af0002009)-  $250 

$  Quad  port  synch.  fre2-040  16mb  Hi  (74003-16)-  $800 
$  Adapteon  5399  dual  wan  (pri  or  channelized  tl) 
(888)410-2822  remote  access  concentrator  (cx!004e39)  -  $750 

Email:  eric@seniometworks.com  http://www.seniornetworks.com 


Buy,  Sell  or  Announce 

Network  Products 
and  Services  with 
Network  World's  Marketplace 
Call  800-622-1108  ext.  6507 


Extend  the  life  of  your 

Networking  Budget 


Your  Alternative  to  factory  New  products 


A-1  Quality  Pre-Owned  Tested  Equipment 
50-85%  Savings  off  List  Prices 
120-Day  Limited  Warranty 
100%  30  Day-Money  Back  Guarantee 
Large  Inventory,  Same  day  Shipping 
Extended  Warranties  Available 
Professional  Quality  Packaging 


Request  a  Quote  on-line  at: 
www.bizint.com 
e-mail:  info@bizint.com 

(877)  438-2494 

or  (315)  458-9606 


(Wi 


Your  global  alternative 
to  factory  new  products 


We  Buy,  Sell,  Trade  and  Lease. 


CISCO,  EXTREME,  JUNIPER.  BAY/NORTEL,  3COM.  FOUNDRY,  CABLETRON 


N^RTELnetworks 


lifii  SESSM  Bay  Networks 

BROWSING  THE  AUCTIONS? 
Consider  What  You  Get: 

National  LAN  Exchange  Auctions 


•  Nortel  Service  Contracts 

•  Nortel  Service  Renewals 

•  Next-Day  Hardware 
Replacement 

•  Free  Technical  Support 

•  One  Year  Warranties 

•  New  and  Used  Equipment 

•  Hundreds  of  Pieces 
in  Stock 

•  Design/lnstall  Services 

•  Fast  Overnight  Delivery 


■  No  Service  Contracts 

•  No  Service  Renewals 

•  No  Replacements, 

No  Guarantees 

•  No  Support 

•  No  Warranties 

•  Who  Knows? 

•  Sometimes  Available, 
Sometimes  Not 

•  No  Services 

■  Inconsistent  Delivery 


YjBmm 


mm 


Make  the  Smart  Choice 


www.NLE.com 
New/Used  •  Buy/Sell 
National  LAN  Exchange 


888-8LANWAN 

(888-852-6926) 

2. 
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APAR  INFOTECH 
CORPORATION 


Multiple  positions  available  for 
Programmer  Analysts,  Software 
Engineers  and  Project  Managers 
Must  be  willing  to  travel  and 
relocate  frequently,  must  possess 
work  experience  in  a  computer 
software  environment  and  must 
have  knowledge  and  proficiency 
in  one  or  more  of  the  following 
skiil  sets: 

DBA:  Oracle;  Sybase 

ERP/CRM  SAP  R3.  ABAP/4. 
Application  Modules,  Oracle 
Applications  and  tools,  Broadvi- 
sion,  Siebel.  Clarify,  Vantive 

Mainframe  UNISYS  2200,  IMS 
DB/DC.  DB2,  CICS,  COBOL. 
MVS,  ADABAS,  NATURAL 

Midrange  AS400.  JD  EDWARDS 

Client  Server  Visual  Basic,  ASP. 
ColdFusion,  SOL  Server,  Oracle, 
Sybase,  Developer  2000,  De¬ 
signer  2000.  PowerBuilder, 
UNIX,  C,  C++,  VC++.  OOAD, 
Java.  HTML.  Active  X,  E-Com¬ 
merce.  Unix  System  Administra¬ 
tion.  WIN  NT  Administration, 
Weblogic 

Programmer  Analyst  positions 
require  a  Bachelor's  degree  in 
Computer  Science,  Engineering 
or  related  field  and  1 2  months  of 
work  experience. 

Software  Engineer  positions 
require  a  Master’s  degree  or  a 
Bachelor’s  degree  and  5  years  of 
post-baccalaureate,  progressive 
work  experience  to  be  equivalent 
to  a  Master's  degree  in  Computer 
Science,  Engineering  or  related 
field  plus  2  years  of  work  experi¬ 
ence. 

Project  Manager  positions  require 
a  Master’s  degree  or  a  Bachelor's 
degree  and  5  years  of  post-bac¬ 
calaureate.  progressive  work 
experience  to  be  equivalent  to  a 
Master’s  degree  in  Computer 
Science,  Engineering  or  related 
field  and  2  years  of  work  experi¬ 
ence  as  a  Project  Team  Leader 
or  other  project  management 
position.  Must  be  knowledge¬ 
able  and  proficient  in  estimating 
time  and  labor  resources  neces¬ 
sary  to  complete  project  and 
defining  project  requirements. 

Only  qualified  U.S.  applicants 
should  submit  a  resume  and 
cover  letter,  clearly  indicating  the 
position  for  which  the  applicant 
is  applying  to: 

Recruiting  Manager, 

REF.  CODE:  CW0602 
Apar  Infotech  Corporation 
160  Technology  Dr. 
Canonsburg,  PA  15317 
(724)  745-7100 
Website:  www.apar.com 
Email: 

recruiter  June02  @  apar.com 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA.  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML,  UML 

•  MTS  •  CLARIFY  •  PERL 
•OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL.  SPL. 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 

Attractive  salanes  and  benefits. 
Please  forward  your  resume  to: 
H  R  Mgr  ,  Computer  Horizons 
Corp.  49  Old  Bloomfield  Avenue, 
Mountain  Lakes,  New  Jersey 
07046- 1 495  Call  973-299-4000. 
E-mail:  jobs@computerhonzons. 
com.  An  Equal  Opportunity  Em¬ 
ployer  M/F. 


First  Data  Corporation  has  an 
opening  in  our  Montvale,  NJ 
office  for  a  Quality  Assurance 
Engineer  to  develop  complete 
plans  for  the  testing  and  quality 
assurance  of  software  systems 
including  e-commerce  projects. 
Successful  candidates  should 
have  a  bachelor's  degree  in 
computer  science  and  at  least 
four  years  of  related  experience 
in  software  quality  assurance. 
Candidates  must  also  have 
working  knowledge  of  Java  En¬ 
terprise  application  development 
including  Java  Scripting,  SQL 
Server,  Silk  Products  testing 
tools  and  Broadvision  Enterprise 
application  developer.  Interested 
candidates  should  send  re¬ 
sumes  to  Norm  Barnett,  First 
Data  Corporation,  6200  S. 
Quebec,  Greenwood  Village,  CO 
80211. 


ET2S 

Network  Service  Solution* 


NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 


•  Sr.  SAN/Unix  Engineer 
•TIBCO  Engineer 


•  Sr.  Security  Systems  Engineer 

•  Sr.  Tibco/MQSeries  Developer 


All  positions  require  BS/MS 
degree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  commu¬ 
nication  skills  as  well. 


NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279- 1 960;  Phone  (21 2)  279-6565; 
or  Email:  iobus-nv@ net2s.com 


COMPUTER  PROGRAMMER 
to  develop,  test,  analyze,  imple¬ 
ment  and  maintain  programs  using 
VBScript,  ASP,  JavaScript,  CICS, 
DB2,  VS  COBOL  and  SQL  Server 
on  IBM  mainframe,  UNIX,  Win¬ 
dows  NT  and  ISS  for  online 
transactions.  Require:  Bachelor 
(or  equivalent)  in  Business  Ad¬ 
ministration,  Computer  Science 
or  related  and  two  years  experi¬ 
ence  in  the  job  offered.  Salary: 
$65,000  per  year,  8  am  to  5  pm, 
M-F.  Apply  with  resume  to:  Human 
Resource  Manager,  Lawrence 
&  Associates,  Inc.,  12882 
Manchester  road,  Suite  204, 
St.  Louis,  MO  63131. 


Database  Administrators  need¬ 
ed.  Positions  available  for  can¬ 
didates  possessing  MS/BS 
degree  or  equivalent  and  rele¬ 
vant  work  experience.  Duties 
include:  Installing,  upgrading 
and  customizing  Oracle  data¬ 
bases;  analyzing  data  and 
designing  and  modifying  forms 
and  reports.  Work  with  3  of  the 
following:  PL/SQL,  Unix,  NT 
and  Linux.  Mail  resume,  refer¬ 
ences  and  salary  requirements 
to  The  Dash  Corporation,  7320 
Fabion  Drive,  Austin,  TX  78759. 


Currency  Systems  International, 
Inc.,  an  Irving  TX  manufacturer 
of  currency  processing  equip¬ 
ment,  is  seeking  several  IT/ 
Engineering  Professionals  at 
various  levels.  Applicants  please 
e-mail  resumes  to  hr  ©currency 
systems.com.  No  phone  calls 
will  be  accepted. 


We  search  for  Senior  Web  Ar¬ 
chitects  with  the  following  skills 
for  ourLawrenceville  Data  Cen¬ 
ter:  Mastery  of  Microsoft  tech¬ 
nologies  and  products.including 
Windows  2000  Server,  Internet 
Information  Server,  SOL  Server 
2000and  VBScript  is  necessary. 
Proficiency  in  HTML  and 
JavaScript  required. Bachelor's 
degree  with  significant  experience 
with  Web,  database  and 
DNSservers  and  maintenance  in 
a  Windows  environment  is  also  re¬ 
quired.  Please  mail  your  resume 
to:  Saks  Incorporated.  Corporate 
Human  Resources,  2303 
Brunswick  Pike,  Lawrenceville, 
NJ  08648 


Computer  Programmer  II  to 

develop  and  write  computer 
programs  according  to  customer’s 
project  specifications  to  store, 
locate  and  retrieve  credit  data 
and  information  and  to  code, 
test,  implement  customer  appli¬ 
cation  programs  on  midrange 
Unix  platform  using  primarily  C. 
SQL,  and  Oracle  database,  and 
provide  ongoing  support.  Require 
BS  or  foreign  equivalent  in  CS, 
CE,  or  CIS  and  proficiency  in  C, 
SQL,  Oracle  database.  Unix  shell 
script,  and  Unix  platform.  40hrs/wk. 
Contact:  Wendy  Hill,  Recruiting, 
Equifax,  1525  Windward  Con¬ 
course,  Mail  Drop  42A,  Alpharetta, 
GA  30005.  Ref.  Code:  GA-ZXJ. 


Sr.  Network  Admin:  You  will 
ensure  24x7  availability  of 
servers  for  Oracle,  SQL,  Access, 
Exchange  &  web  services,  incl. 
h/w  and  s/w  in  a  heterogeneous 
UNIX/Windows  NT  &  2000 
environment.  You  will  support 
needs  analysis  and  expansion 
planning;  provide  user  support 
and  training;  ensure  both  acces¬ 
sibility  and  security;  configure 
and  support  upgrades;  and 
performance  tune  all  compo¬ 
nents  and  apps.  Req.  5+  yrs  exp 
in  software  support,  3+  yrs 
of  which  incl.  network  admin  in 
heterogeneous  network  and  OS 
environments.  No  visa  sponsor¬ 
ship.  Principals  only.  Send  resume 
to:  PTC  Therapeutics,  Inc.,  ATTN: 
Hum.  Res.,  Job  Code  06-1 01 OG, 
1 00  Corporate  Court,  South  Plain- 
field,  NJ  07080  or  by  fax  to  908- 
548-9992. 


Systems  Analyst  for  design  of 
client/server  applns.,  XML  web 
applns.,  &  graph,  interfaces  with 
MS  tools,  Oracle  PL/SQL,  SQL 
'Plus,  Dev.  2000,  Microstrategy 
rpts.  on  Windows  2000/NT.  Use 
Visual  Interdev,  Dreamweaver, 
Flash  &  Fireworks  in  web  dsn.  & 
code  dbase  triggers  with  shell 
scripts  &  store  procs.  Prep,  specs., 
doc.  code  dev.,  testing,  and  de¬ 
bugging.  Tech.  Support/product 
assist.  Salary  at  Prevailing  Wages. 
Candidates  with  BS  in  Electronics 
Eng.  or  Comp.  Sci.,  2  yr.  of  exp., 
&  training  in  Oracle/  Microstrategy 
apply  to  Xpanxion  215  Amesdale 
Court,  Ste.  100,  Alpharetta,  GA 
30022  with  proof  of  work  autho¬ 
rization. 


Software  Engineers  needed  by 
Alpharetta  based  IT  Co-  Bache¬ 
lors  degree  with  1  -2  years  of 
experience  in  job.  Exp  in  Skill 
sets  incl:  Java,  JSP,  Servlets, 
JDBC,  XML.  UML,  Unix,  NT.  VB, 
ASP,  C#.  .Net,  Business  Objects, 
Crystal  Reports,  Oracle,  SQL 
Server.  JavaScript,  XML,  C, 
C++, AS/400.  COBOL,  DB2, 
CICS,  JCL,  MVS.  VSAM,  Embe- 
ded/Firmware,  Coldfusion,  Perl, 
PHP,  Network  Administration, 
Rational  Clearcase  Administra¬ 
tion,  Netscape  proxy  server,  Mi¬ 
crosoft  Exchage  Server  Admin¬ 
istration,  MQSeries,  WEB 
Methods,  Vitria,  SAP.  Peoplesoft, 
Lotus  Domino  Server  Adminis¬ 
tration.  Send  resumes  to 
resumes@anisi.com. 


Full  time  Systems  Analyst 
and  Systems  Designer 
Architect  positions  available. 
Requirements  and  salary 
vary  per  position.  Send 
resumes  to:  Athens  Heart 
Center,  2005  Prince  Ave. 
Athens,  GA  30606.  Attn: 
Sharon  Eades. 


APPLICATION  SOFTWARE 
ENGINEER  for  Miami  based 
software  consultancy  firm  to 
design  and  develop  software 
solutions  to  build/integrate  sys¬ 
tems  and  create  applications. 
Degree  plus  experience  required. 
Send  resumes  to  FTI  Financial 
Technologies,  Inc.,  11098 
Biscayne  Blvd.,  #403,  Miami, 
Florida  33161. 

Responsible  for  coding,  design¬ 
ing  and  re-engineering  Web 
applications  for  clients.  Write 
applications  using  C++.  Rational 
Rose,  UML  and  object  oriented 
analysis  and  design.  Responsible 
for  dealing  with  the  business  part¬ 
ners  in  gathering  the  require¬ 
ments  and  creating  specifica¬ 
tions.  Must  have  a  Bachelor’s 
degree  in  CS  or  foreign  degree 
equivalent.  Must  have  1  year  of 
exp.  in  job  offered.  Salary 
Competitive:  Send  resume  to: 
Raj  Shekaran  Software 
Research  Assoc.  70  Mansell  Ct. 
Ste.  100  Roswell,  GA  30076 


Sr.  System  Analysts  sought  by 
co  in  Lawrenceville.  NJ  to  lead 
turnkey  project  to  dsgn  &  dvlp 
complete  s/ware  systems  for  en- 
vrnmtl  industry.  Successful  can¬ 
didates  must  possess  leadership 
+  following  qualifs:  MS  in  Comp 
Sci,  MIS  or  Comp  Engrng  w/min 
2  yrs  exp.  in  C/S  system  dvlpm- 
nt  and  relational  d/base  dsgn. 
Strong  skills  in  Java,  C,  C++,  Or¬ 
acle,  SQL  server,  AS400,  VB, 
RPG  &  PC  h/ware.  $70K.  Send 
resume  to  HR  Mgr,  EnfoTech,  1 1 
Princess  Rd,  Unit  A, 
Lawrenceville,  NJ  08648. 


Computer  Programmer/Analyst 
for  a  direct  mail  service.  Must 
have  two  years  exp  in  systems 
and  program  development  using 
Foxpro.  BCC  MailManager, 
DOCRIGHT.  One  yr.  exp.  in 
direct  mail  industry.  Send  resume 
to:  Prodigy  Mailing  Services,  Inc., 
1247  Lakeside  Drive  Romeoville, 
IL  60446. 


FUJIFILM  Software 
(California).  Inc. 

We  have  multiple  opportunities 
available  for  software  engineers 
in  our  San  Jose,  CA  office: 

Must  have  min.  req.:  BS  in 
CS/EE;  4+  yrs.  hands  on  exp. 
programming  w/  Win32,  C++. 
MFC,  COM,  VB;  2+  yr  w/  ASP, 
HTML.  JavaScript.  VBScript. 
GUI  design  &  dev;  and  1  +  yr  exp. 
w/  Java,  JNI,  JSP.  JServ,  Oracle 
or  SQL.  InstallShield.  Need  exp. 
w /  scalable,  multithreaded  and 
distributed  architecture. 

Email:  hr@fujifilmsoft.com 
Fax:  408-501-2165 


Director  IT  Svcs.  to  design  appln. 
sys.  arch.,  sys.  &  b/z  cons., 
oprtnl.  process  dsgn.,  b/z  sys. 
oper./perf.  consult.,  gather  re¬ 
quirements,  RFI/RFP,  data  ml- 
gration/sys.  conv.  Compare  b/z 
model/tech,  requirem.  to  billing 
sys.  capab.  Determine/design 
specs,  of  software  upgrade. 
Client  interaction,  integration  of 
partners/users,  &  gen.  aspects 
of  software  delivery.  Require  BS 
in  Electr.  Eng.  or  Comp.  Sci.  +  5 
yr.  exp  +  expertise  in  BSCS 
billing  application.  Apply  to  EWG 
Solutions  4780  Ashford  Dun- 
woody  Rd.  Ste.  A-402  Atlanta 
GA  30338  with  proof  of  work  au- 
thzn.  Salary  at  prevailing  wages. 


Programmer  sought  by  NJ 
based  Securities  Dealer.  Must 
possess  Master's  Degree  or 
equivalent  in  Management, 
Information  Systems  or  related 
field  and  1  year  exp.  in  the 
software/systems  development 
and  design.  Respond  to:  Human 
Resources  Department.  Knight 
Trading  Group,  Inc.,  525  Wash¬ 
ington  Blvd.,  Jersey  City,  NJ 
07310. 


Sr  Forte  Developer/Process 
Analyst  for  telecom  domain  appl 
development/integration.  Will 
design,  write,  test  and  deploy 
Forte,  and  present/update  OOAD 
artifacts.  Require  Bachelors/ 
equiv  and  5  yrs  telecom  domain 
exp  including  3  yrs  Forte  devel¬ 
opment  exp  using  OOAD  mod¬ 
eling  tools.  Job  in  Miami,  FL  or 
1 00%  travel  required  w/relocation 
to  other  client  sites  possible. 
Resumes  to  M.  McDade,  SSIT 
North  America,  21 0  INTERSTATE 
NORTH  PKWY,  SUITE  100, 
ATLANTA,  GA  30339 


Programmer/Analyst 
Analyze,  design  and  develop 
integrated  healthcare  apps. 
using  Visual  Basic,  Windows  NT 
design  of  GUI,  VB.NET,  ASP, 
ASP.NET,  Crystal  Reports,  SQL 
Server  7.0/2000.  Prevailing 
wage/benefits.  2  yrs.  exp.  in 
developing  healthcare  apps 
using  above  tools.  BS  (or  foreign 
equiv.).  Send  resume  to  HR 
MDS  International.  Inc.  11330 
Lake  Field  Dr.,  Ste.  140,  Duluth, 
GA  30097.  EOE. 
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where  the  best  get  better 
1-800-762-2977 


MILLIONS  OF 
READERS 

MILLIONS  OF 
SURFERS 


ITcareers 

where  tha  bast  get  bettar 
1-800  7G2  2977 

ITcareers.com 


ONLY 
THOUSANDS 
OF  DOLLARS 


TOTAL  IMPACT 
TOTAL 
SAVINGS 


Put  your  message  in 
ITcareers  and 
ITcareers.com  and 
reach  the  world’s 
best  IT  talent. 


Computerworld  •  Into  World  •  Network  World  •  June  24, 2002 
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Sure 

NetworkWorld, 

COMPUTERWORLD, 
AND  INFOWORLD 

Help  You  Do 
A  Better  Job. 


Now  Let  Us  Help 
You  Get  One. 

Call: 

1-800-762-2977 
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SOFTWARE  ENGINEER  (posi¬ 
tion  located  in  Baltimore,  MD)  to 
analyze,  design,  program,  debug 
&  modify  local,  network  or  internet- 
related  computer  software  pro¬ 
grams  for  commercial  or  end-user 
applications  such  as  materials 
mgt.,  financial  mgt.,  HRIS  or 
desktop  applications  products; 
Write  code  &  complete  program¬ 
ming;  Perform  stated  duties  us¬ 
ing  Java,  JSB,  Servlet  &  Java 
Script.  Require:  Bach,  degree  (or 
foreign  equivalent)  in  Comp. 
Sci./lnfo.  Systems,  Elec./Mech. 
Engineering,  or  a  closely  related 
field,  with  2  yrs.  of  exp.  in  the  job 
offered  or  as  a  Programmer/An¬ 
alyst.  Competitive  salary  and 
benefits.  Hours:  8  amp-5pm,  M- 
F.  Send  resume  to:  SD-HR, 
CheckFree  Services  Corp.,  441 1 
E.  Jones  Bridge  Rd.,  Norcross, 
GA  30092  (No  Phone  Calls 
Please) 


COMPUTER  PROGRAMMER 
wanted  by  plastic  bags  manu¬ 
facturer  in  Houston,  TX.  Respond 
by  resume  to  Ms.  H.  Leung,  Y/T, 
Nation  Plastics,  Inc.,  6666  Harwin 
Dr.,  #508,  Houston,  TX  77036. 


Advisory  Engineer.  Essex  Junc¬ 
tion,  VT.  Develop  Analog  and  RF 
MOSFET  models;  design  device 
layout  for  model  extraction;  de¬ 
velop  compact  device  models 
for  CASD  design  kits;  perform 
statistical  data  analysis;  model 
parameter  extraction;  model  file 
coding;  simulation  of  device-level 
characteristics  from  within  CAD 
environment;  coordinate  mea¬ 
surements  with  characterization 
lab;  work  with  design  automation 
team  on  the  integration  of  models 
within  the  design  kit;  provide 
support  to  applications  team  for 
responding  to  and  resolving  cus¬ 
tomer  problems  utilizing  CAD 
tools,  Cadence  Analog  Artist 
Framework,  HSPICE  and  MAT- 
LAB.  Requires  Master's  degree 
or  equivalent  in  Engineering, 
Computer  Science  or  MIS  and 
one  (1)  year  of  experience  in 
the  job  offered  or  one  (1 )  year  of 
experience  in  the  related  occu¬ 
pation  of  Applications  Engineer. 
We  will  accept  a  Bachelor's  degree 
and  five  years  of  progressively 
more  responsible  experience  in 
lieu  of  a  Master's  degree. 
$99,508.00  per  year.  40  hours 
per  week.  9:00am  -  6:00pm. 
SEND  RESUMESTO  Job  Order 
No.  613350,  Jobs  and  Training 
Division,  VT  Department  of 
Employment  and  Training,  P.O. 
488,  Montpelier,  VT  05601  -0488. 


PROGRAMMER  ANALYST 
(Jersey  City)  Analyze,  define 
and  document  requirements  for 
data,  workflow,  logical  process, 
hardware  &  op.  system  environ¬ 
ment,  interfaces  with  other  sys¬ 
tems,  internal/external  checks  & 
controls  &  outputs.  Write  and 
maintain  tech  specs.  Design, 
develop  and  maintain  client- 
server  and  multi-tier  applications 
using  DCOM  and  Visual  Basic, 
and  database  systems:  design 
tables,  create  hierarchies,  resolve 
issues  of  database  security, 
integrity  and  query  optimization. 
Create  design  docs  using  Ratio¬ 
nal  Rose  and  Erwin;  perform 
database  adm  of  Oracle  servers. 
Train  and  support  staff  on  product 
application.  Conduct  studies  on 
development  of  new  info  systems. 
Travel  to  customers  sites  when 
necessary.  B.S.  Computer  Sci.  + 
1  yr.  exp.  Send  resume  to:  ISHI 
SYSTEMS,  One  Exchange 
Place,  Suite  308,  Jersey  City,  NJ 
07302. 


Software  Developer:  A  Manage¬ 
ment  Consulting  firm  specializing 
in  business-IT  alignment  is  seek¬ 
ing  a  Software  Developer  who 
will  be  responsible  for  planning, 
developing,  modifying  &  testing 
our  proprietary  project  portfolio 
management  software  suites. 
Req'd:  Bachelor  degree  in  Comp 
Sci,  Engineering  or  related.  2  yrs 
exp  in  the  job  offered  or  2  yrs  exp 
as  Applications  Programmer 
or  related.  Must  have  exp  w/com- 
ponent/object  oriented  relational 
database  programming  in  Borland 
Delphi.  Must  have  knowledge  of 
web  technologies,  incl.  Visual 
C++,  TCP/IP,  Win  (95/98/NT), 
and  scripting  (PHP&ASP).  Send 
res.  to:  Hindy  Silverman.  United 
Management  Technologies,  500 
5th  Ave.  #430,  NY,  NY  10110. 


Kanbay  is  a  premier  global 
systems  integrator  that 
provides  hign-quality,  high- 
value  solutions  to  the 
insurance,  banking,  credit 
card,  consumer  lending  and 
securities  industries.  We 
provide  a  complete  lifecycle 
of  services  including 
program  management, 
business  analysis, 
technology  planning, 
architecture,  application 
development,  maintenance 
and  support.  Our 
specialized  services  include 
business  intelligence, 
package  selection, 
customization  and 
implementation. 

The  following  opportunities 
are  based  at  our  corporate 
headquarters  in  Chicago 
and  locations  nationwide. 
We  are  seeking  candidates 
with  technical  skills  in:  JAVA, 
J2EE,  OOAD,  WebSphere, 
XML,  COBOL,  CICS,  DB2, 
JCL,  and  VisionPlus 
expertise  in  an  MVS 
environment. 

•  Project  Managers 

•  Technical  Architects 

•  Project  Leads 

•  Sr.  Programmer/ 
Analysts 

For  consideration,  forward 
response  to:  Kanbay,  Inc,, 
6400  Shafer  Ct.,  Suite  1 00, 
Rosemont,  IL  60018.  Fax: 
847-318-0784.  Email: 
rstewart@kanbay.com. 

Please  reference  code 
CW0602  in  all 
correspondence.  Kanbay  is 
an  Affirmative  Action 
Employer/EOE 
organization. 


Kanbay 

www.kanbay.com 


Programmer  wanted  by  Mktg 
Communications  Co  inTX.  Dvlp, 
maintain  &  implement  cust 
client/server  appls;  create  data¬ 
bases  &  web-based  solutions; 
dvlp  &  maintain  prgms.  Bach  in 
Comp  Sci  or  Engr  &  2yrs  exp  in 
job  offered  req.  Respond  to: 
YW/HR  Dept,  PO  Box  4241, 
GCS,  NY  10163. 


SYNAPSE  GROUP,  INC.,  a 
leading  computerized  magazine 
marketing  company,  is  looking  to 
hire  a  qualified  MARKET  RE¬ 
SEARCH  ANALYST.  Responsi¬ 
bilities  include:  reviewing  and 
evaluating  the  profitability  and 
effectiveness  of  company's 
marketing  programs,  developing 
financial  and  business  models 
for  existing  and  targeted  client 
sales,  implementing  financial 
planning  solutions,  and  examining 
and  analyzing  statistical  data  to 
forecast  future  marketing  trends. 
Qualified  applicants  are  required 
to  possess  at  least  a  Bachelors 
degree  in  Business  Administration, 
Economics,  Finance  or  it's 
equivalent.  A  strong  PC  and 
SPSS  background  a  plus. 

The  company  offers  a  competitive 
compensation/benefit  package 
and  an  environment  where 
achievements  are  recognized  & 
professional  growth  encouraged. 
Qualified  applicants  are  encour¬ 
aged  to  mail  resumes  to:  HR 
Dept.,  Synapse  Group,  Inc., 
Four  High  Ridge  Park,  Stamford, 
CT  06905-1325. 


Product  Design  and  Release 
Engineer  (multiple  full  time 
openings)  -  Under  close  super¬ 
vision  of,  and  receiving  instructions 
from,  the  project  management 
authority,  assist  in  designing  test 
procedures  for  automotive  com¬ 
ponent;  assist  in  building  auto¬ 
motive  component  prototype;  act 
as  liaison  with  suppliers  to  ensure 
adherence  to  parts  specifications, 
quality,  test  procedures  and 
deadlines  for  parts  delivery;  assist 
in  releasing  customer  approved 
prototype  for  production;  and  use 
FORTRAN,  Ansys,  Matlab. 
Minitab  and  AutoCAD.  Req's. 
Bachelor's  in  Mechanical  Engi¬ 
neering  or  its  foreign  edu.  equiv. 
$45,000/yr.  Frequent  relocation 
may  be  necessary.  Send  resume 
to  J.  Brigham,  Onsite  Companies, 
Inc.,  7301  Parkway  Dr..  Handover. 
MD  21076.  Attn:  G7702. 


Product  Development  Engineer 
(multiple  openings)  -  Under 
close  supervision  of,  and  receiv¬ 
ing  instructions  from,  the  project 
management  authority,  assist  in 
all  of  the  following  tasks:  support 
automotive  body  structures  for 
validating  system  design  speci¬ 
fication  requirements;  design 
and  develop  experiments  to  test 
various  components  for  reliabili¬ 
ty,  durability  and  performance  in 
a  variety  of  conditions  encoun¬ 
tered  in  normal  operation  using 
IDEAS,  MSC  NATRAN,  Hyper- 
MESH  and  CAE;  and  design,  an¬ 
alyze  and  optimize  structural  so¬ 
lutions  tests  for  various  auto 
components  including  high  mill- 
age  degradation,  a  special  test¬ 
ing  process  for  sheets  metal  and 
spot  welds.  Req's.  Bach's  in 
Mech  Engg.  or  its  foreign  ed. 
equiv.  +  1  yr  exp.  in  a  related  oc- 
cup.  Frequent  relocation  may  be 
necessary.  Send  resume  to  J. 
Brigham,  Onsite  Companies. 
Inc.,  7301  Parkway  Dr.,  Hanover, 
MD  21046.  Attn:  G14002. 


Systems  Analyst.  40  hr/wk.  9  am  - 
5  pm.  Monday  to  Friday.  $72,000/ 
yr.  Design,  develop  software 
applications.  Test  software  to 
insure  performance  to  company 
and  industry  quality  standards 
Consult  with  other  application 
designers  and  end  users 
throughout  all  phases  of  design, 
implementation  and  testing.  Use 
RPG/400,  CLV400  and  SQL/400 
on  IBM/400  computer.  Requires 
Bachelor  of  Science  degree 
in  Computers  and  two  years 
experience  in  job  offered  or  as 
Programmer  Analy  st.  Applicants 
must  show  proof  of  legal  authority 
to  work  in  the  U  S.  Please  send 
resumes  to  Illinois  Department 
of  Employment  Security,  401 
South  State  Street  -7  North, 
Chicago,  Illinois  60605  Attention: 
Leila  Jackson,  Pelerence  #VIL 
27214-J.  An  Employer  Paid  Ad 
No  Calls  Send  2  cop.es  of  both 
resume  and  cover  letter 
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For  over  20  years,  Syntel  employees  across  North  America,  Europe,  and 
Asia  have  helped  build  advanced  information  technology  systems  for  lead¬ 
ing  Fortune  500  companies  and  government  organizations  to  improve  their 
efficiency  and  competitiveness.  Today,  Syntel  professionals  are  building 
rewarding  careers  by  providing  solutions  in  e-business,  CRM,  Web  Design 
and  Data  Warehousing. 

Come  discover  why  Forbes  magazine  placed  Syntel  second  on  its  list  of 
“The  200  Best  Small  Companies  in  America”  and  Business  Week  ranked 
us  #1 1  on  its  list  of  Hot  Growth  Companies. 

Due  to  our  rapid  growth,  we  have  immediate,  full-time  opportunities  for 
both  entry-level  and  experienced  Software  Engineers,  Consultants, 
Programmers,  Programmer/Analysts,  Project  Leaders,  Project  Managers, 
Supervisors,  Database  Administrators,  Computer  Personnel  Managers 
and  Computer  Operations/Account  Managers/Account  Executives  with 
any  of  the  following  skills: 

Mainframe 

•  IMS  DB/DC  or  DB2,  MVS/ESA, 

COBOL.  CICS 

DBA 

•  ORACLE  or  SYBASE 

Client-Server/WEB 

•  Siebel 

•  Websphere 

•  Com/DCom 

•  Web  Architects 

•  Datawarehousing 

•  Informix,  C  or  UNIX 

•  Oracle  Developer  or  Designer  2000 

•  JAVA,  HTML,  Active  X 

•  Web  Commerce 

•  SAP/R3,  ABAP/4  or  FICO  or  MM 
&  SD 


•  Focus,  IDMS  or  SAS 


•  DB2 


Oracle  Applications  &  Tools 

Lotus  Notes  Developer 

UNIX  System  Administrator 

UNIX,  C,  C++,  Visual  C++,  CORBA, 

OOD  or  OOPS 

WinNT 

Sybase,  Access  or  SQL  server 

PeopleSoft 

Visual  Basic 

PowerBuilder 

IEF 


Account  Executives,  Account  Managers  and 
Business  Development 

Positions  available. 

Some  positions  require  a  Bachelor's  degree,  others  a  Master's  degree.  We  also 
accept  the  equivalent  of  the  degree  in  education  and  experience. 

With  Syntel  (NASDAQ:  SYNT),  you'll  enjoy  excellent  compensation,  full  benefits, 
employee  stock  purchase  plan  and  more.  Please  forward  your  resume  and 
salary  requirements  to:  Syntel,  lnc„  Attn:  Recruiting  Manager-LD06, 

525  E.  Big  Beaver,  Suite  300,  Troy,  Ml  48083.  Phone:  248-619-2800; 
Fax:  248-619-2888.  Equal  Opportunity  Employer. 


S*=*NirEL 

www.syntelinc.com 


Systems  Administrator-Analyze. 
design,  install,  and  administer 
network  systems,  including  net¬ 
work  servers,  print/file  servers, 
and  Intranet  in  a  heterogeneous 
environment.  Duties  include 
designing  shared  resources, 
migrating  data,  backup,  reviewing 
system  capacity,  and  integrating 
new  software  applications,  to 
ensure  an  efficient  operation  of 
the  systems.  Use  at  least  half  of 
the  following:  NT  Server,  Novell 
Server.  Unix,  TCP/IP,  AS/400. 
SQL,  and  Visual  Basic.  Reqs: 
Bachelor  or  equivalent  foreign 
degree  in  Computer  Science, 
Computer  Engineering,  Electrical 
Engineering,  Electronic  Engi¬ 
neering,  or  Math  and  2  years 
experience  in  the  job  offered. 
$51 ,896.00/yr,  40  hrs/wk,  8:30a- 
4:30p,  M-F.  Work  location:  Various 
unanticipated  locations  through¬ 
out  the  U.S.  Send  resume  to  Col¬ 
orado  Department  of  Labor  and 
Employment,  Employment  Pro¬ 
grams,  ATTN:  Jim  Shimada,  Two 
Park  Central,  Ste.  400,  1515 
Arapahoe  Street,  Denver,  CO 
80202-2117,  and  refer  to  order 
CO5021863.  An  employer  paid 
ad.  Application  is  by  resume 
only. 


SOFTWARE  CONSULTANT 

Analyze  &  evaluate  existing  or 
proposed  software  systems.  Dvlp, 
implmnt  and  improve  programs, 
systems  and  related  procedures 
to  process  data  using  in-depth 
knowledge  of  the  software  de¬ 
velopment  life  cycle.  Encode, 
test,  debug  and  install  operating 
programs  and  other  system 
software  utilizing  ERP  Package 
software  (including  MFG/PRO, 
SYMIX  and  Progress)  as  well  as 
the  Progress  4GL  programming 
language.  Bach,  degree  or  equiv. 
in  Comp.  Sci.,  Math,  Bus.,  Engnrng 
or  Commerce  +  2  years  of  exp. 
in  position  offered  or  as  a  Prog. 
Analyst,  Software  Engnr  or  Sys¬ 
tems  Analyst  reqd.  Exp.  must 
include:  a)  ERP  Package  software 
including  MFG/PRO,  SYMIX  or 
Progress;  and  b)  Progress  4GL. 
High  mobility  preferred.  40  hrs/ 
wk,  8  am  -  5  pm,  OT  as  reqd, 
$61,000/yr.  Qualified  applicants 
please  submit  resume  to  Man¬ 
ager,  Washington  County  Team 
PA  CareerLink,  Millcraft  Center, 
Suite  150LL,  90  West  Chestnut 
Street,  Washington,  PA  15301- 
4517.  Refer  to  Job  Order  No. 
WEB253133. 


Executive  Consultant  - 
Financial  Services 
Position  available  to  analyze  busi¬ 
ness  requirements  and  objectives 
for  major  banks,  brokerages,  &  in¬ 
surance  companies.  Manage/di¬ 
rect  completion  of  software/sys¬ 
tem  integration  for  Proof  of 
Concepts.  Develop  Work  Assign¬ 
ments,  Statements  of  Work  &  Re¬ 
quests  for  Proposal.  Manage  work 
of  engagement  and  project  team 
and  oversee  completion  of  com¬ 
plex  software/system  integration 
implementation  projects.  Devel¬ 
op/manage  overall  program/pro¬ 
ject  -  budget,  structure,  schedule, 
&  staffing  requirements.  Identify  & 
define  repeatable  software  &  sys¬ 
tem  implementation  (maps,  strate¬ 
gies,  etc. )  that  can/will  be  sold  as 
new  product  and  Service  Of¬ 
ferings.  Develop  internal  soft¬ 
ware/systems  implementation 
documentation:  Best  Practices, 
Benchmarks,  Tips  &  Strategies, 
and  Metrics.  MBA  (Finance)  or 
M.S.  (MIS)  and  3  yrs.  exp.  Exp. 
must  include  direct  knowledge  of 
database,  software,  applications  & 
computer  systems  technology 
used,  including  conceptual  under¬ 
standing  of  integration  products, 
processes  &  concepts  for  banks, 
financial  securities  markets,  and 
trading  spaces.  Exp.  with  financials 
software  applications  consulting, 
business  analysis,  quality  assur¬ 
ance  procedures,  Financial  Ser¬ 
vices  systems,  software  products 
&  tools  offerings;  STP,  SWIFT,  etc. ; 
database  logic;  reporting/tracking 
software(CRM);  project-manage¬ 
ment  tools  (MS  Project,  Visio);  in¬ 
ternet  &  intranet  messaging  & 
transaction  utilities;  and  2  yrs.of 
Big  Five  expjind.  certifications  for 
tools  used  in  the  industry).  Fax  re¬ 
sume  to  Mercator  Software,  Inc., 
Attn:  John  Addyman  at  (203)  761  - 
8578. 


WEB  DEDVELOPER 

EXECUTIVE  GREETINGS.  INC  ; 
A  business-to  business  direct 
marketing  company,  has  an  im¬ 
mediate  opening  in  New  Hartford, 
Connecticut,  for  a  Web  Developer 

Evaluate  complex  business  needs 
to  determine  technical  solutions 
to  problems  or  improvements 
to  the  business  environment. 
Create  new  systems  by  confemng 
with  users  to  determine  their 
software  needs.  Apply  technical 
and  business  solutions  and  use 
data  structure  design  and  pro¬ 
gram  technologies  to  satisfy  user 
requirements. 

Must  possess  a  bachelor's  degree 
or  its  equivalent  in  Computer 
Science  or  a  related  field  and  rel¬ 
evant  work  experience,  including 
Windows  NT/98,  Sun  Solaris, 
Java,  Java  Script,  HTML.  XML, 
Oracle,  SQL  Server,  ASP.  C++, 
EJB,  J2EE,  JSP,  and  Weblogic. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code  WD 
or  it  will  be  rejected. 

Forward  resume  to:  Lucy 
Chwaszczynski  at  Executive 
Greetings,  Inc.  120  Industrial  Park 
Access  Road,  New  Hartford,  CT 
06057. 


Computer  Systems  Administrator, 
Retail  Mortgage  Banking  co, 
Atlanta.  GA: 

Develop,  administer,  maintain, 
support  Empower  client/server 
loan  origination  system;  design, 
develop  workflow  models  &  ap¬ 
plication  screens/forms  in  Delphi. 
Administer  Oracle  databases; 
design,  test,  implement  database 
backup  &  recovery  procedures; 
perform  installs  &  upgrades  & 
troubleshoot.  Design  production 
reports  using  Crystal  reports  & 
SQL  queries.  Administer  Citrix 
Meta-frame  1 .8  servers.  Devel¬ 
op  web-based  applications  for 
Intranet  using  ASP.  Req:  Bache¬ 
lors  in  Info.Tech.or  Comp. Info 
Systs  or  related  field  +  1  yr  in  job 
or  as  Info.Tech.  Assistant  or  re¬ 
lated.  Send  resume  to  HR.Sun- 
shine  Mortgage  Co,  2401  Lake 
Park  Drive,  Ste  300,  Smyrna, 
GA  30080. 


Sr.  Network  Admin:  You  will 
ensure  24x7  availability  of 
servers  for  Oracle,  SQL,  Access, 
Exchange  &  web  services,  incl. 
h/w  and  s/w  in  a  heterogeneous 
UNIX/Windows  NT  &  2000 
environment.  You  will  support 
needs  analysis  and  expansion 
planning;  provide  user  support 
and  training;  ensure  both  acces¬ 
sibility  and  security;  configure 
and  support  upgrades;  and 
performance  tune  all  compo¬ 
nents  and  apps.  Req.  5+  yrs  exp 
in  software  support,  3+  yrs 
of  which  incl.  network  admin  in 
heterogeneous  network  and  OS 
environments.  $85,500/yr.  No 
visa  sponsorship.  Principals 
only.  Send  resume  to:  PTC 
Therapeutics,  Inc.,  ATTN:  Hum. 
Res.,  Job  Code  06-1010G,  100 
Corporate  Court,  South  Plainfield, 
NJ  07080  or  by  fax  to  908-548- 
9992. 


Codesic  seeks  Dir.  of  Info.  Bus. 
Sys.  for  Kirkland,  WA  HQ  office. 
DESC:  Meet  w/  bus.  &  IT  mgrs. 
to  id  user  reqs.  Anlyz.  bus.  info, 
sys.  &  make  recs.  on  tech,  solns. 
&  enhancements.  Prep  proposals 
&  outline  proj.  specs.  Mng.  proj. 
teams  thru  full  life  cycle  arch, 
dsgn,  dev,  &  impl.  of  enterprise 
info.  sys.  &  e-com  &  e-bus.  apps. 
Recruit  &  mng.  sys.  dev.  team 
members.  Prov.  perl.  &  career 
planning,  training,  &  mentoring. 
Sup.  bus.  dev.  in  strategic  cust. 
accts.  Util.  RDBMS,  SQL,  Unix, 
&  Win  o/s  REQ:  BS  in  Bus,  Bus. 
Admin,  Econ,  or  Finance  +  5  yrs. 
exp.  in  full  life  cycle  dsgn,  dev, 
impl.  &  config.  corp.  e-com  & 
e-bus.  info.  sys.  util.  RDBMS, 
SQL,  Unix.  &  Win  o/s.  Plus  2 
yrs.  proj.  mngment  exp.  supr 
enterprise  level  IT  dev.  teams. 
Prem.  sal  +  benes.  Pis  reply 
to  Technical  Recruiter.  Job  # 
CO- 102,  11250  Kirkland  Wy. 
Ste  101 .  Kirkland,  WA  98033. 


Software  Dev  Comp,  in  NJ 
seeking  Software  Engg/MS 
degree  &  1  yr  exp.  or  its  equivalent 
Equivl.  is  based  on  education  & 
exp.  evaluation. 

Appl  must  be  able  to  work  w/ 
following:  Firmware.  Logic  Ana¬ 
lyzers.  Software  Simulator.  Com¬ 
munication  protocols,  GUI, 
VC++.  Microsoft  Visual  Source 
Safe,  Vx  Works,  Oracle.  Java.  C, 
C++  &  maintain  software. 

Apply  to:  Attn  Recruiter: 
Anchcomm.  Inc.,  1  Faith  Dr., 
Ocean,  NJ  07712. 


Several  computer  related  posi¬ 
tions  available  for  international 
airline  telecom  and  information 
services  company.  Degree, 
technical  skills  &  experience 
vary  per  positions.  Send  resume 
to  Natasha  Lyttle.  SITA  INC, 
3100  Cumberland  Blvd..  Ste. 
200,  Atlanta,  GA 30339  or  jobs® 
sitacareers.com. 


ITcareers  and 
ITcareers.com 
reach  more 
than  2/3  of  all 
US  IT  workers 
every  week.  If 
you  need  to  hire 
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Watchful  eye 


EMCLink.net,  EMC's  application  performance-manage¬ 
ment  service,  would  monitor  the  performance  of 
applications,  operating  systems  and  storage. 


Customer's  site 
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The  EMC  data  collector 
resides  on  a  dedicated  server 
at  the  customer’s  site. 


EMCLink.net 

Intelligence 

Center 


EMCLink.net  analyzes  the 
information  and  returns  it 
to  the  customer  for  action. 


Applications 
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Storage  Database  Server 


It  collects  performance  data  and 
statistics  from  a  variety  of  devices  and 
applications,  such  as  network  appliances, 
file  servers  and  storage  systems,  as 
well  as  Windows  NT/2000  servers  and 
Oracle  databases.  It  then  sends  the  data 
to  the  EMCLink.net  data  warehouse. 


CMC 

contif 

the  service,  analysts  are 
skeptical  that  EMC  can  be 
successful  in  a  market 
dominated  by  established 
vendors. 

“It  makes  sense  that  EMC 
wants  to  offer  application 
performance-management 
tools  because  a  lot  of  what 
they  are  doing  in  storage 
has  been  tied  to  the  applica¬ 
tion,”  says  Jamie  Gruener, 
senior  analyst  with  The 
Yankee  Group'But  it  is  going 
to  be  an  uphill  battle  to  gain 
mindshare  because  people 
don’t  associate  EMC  with 
performance  management.” 

Computer  Associates,  BMC  and  Tivoli 
Systems  are  among  the  systems  manage¬ 
ment  giants  EMC  will  compete  with  in  the 
application  performance-management 
arena;  Micromuse,  Riversoft  Technologies 
and  Tonic  Software  are  some  of  the  smaller 
vendors  that  offer  application  perfor¬ 
mance-management  tools. 

If  observers  were  watching  closely  over 


the  last  two  years  they  could  have  predic¬ 
ted  EMC’s  interest  in  performance  man¬ 
agement.  The  company  acquired  Tera- 
scape  Software  in  2000  and  Luminate 
Software  last  year,  both  performance-man¬ 
agement  vendors. Terascape  specialized  in 
database  performance  monitoring  while 
Luminate  focused  on  storage  and  operat¬ 
ing  systems. 


“This  service  is  indicative  of 
EMC’s  goal  of  owning  more  of 
the  management  of  the  data 
center  says  Peter  Gerr.an  analyst 
with  Enterprise  Storage  Group.“If 
you  believe  that  the 
storage  layer  is  the 
foundation  upon 
which  everything  else 
is  built,  then  EMC  is  in 
a  good  position.” 

Although  details  are  sketchy 
about  when  EMC  will  launch 
the  service  and  how  much  it 
will  cost,  the  service  is  in  an 
early  adopter  program  now  and 
customers  can  get  involved.  A 
spokesman  acknowledged  the 
existence  of  the  service  but 
declined  to  comment.  Like 
other  EMC  services,  it  is  ex¬ 
pected  that  this  one  will  be  priced  based 
on  the  individual  hardware  and  software 
configuration. 

According  to  documents  on  www.emc 
link.net,  the  service  will  isolate  problems 
and  provide  detailed  views  to  help  users 
understand  what  is  happening  on  their 
networks  and  help  them  resolve  prob¬ 
lems  quickly. 


It  appears  the  service  will  be  similar  to 
EMC’s  ‘phone  home’  service,  whereby  sys¬ 
tems  automatically  call  into  EMC  engi¬ 
neers  when  problems  crop  up,  enabling 
EMC  to  solve  them  quickly 

Customers  would  have  to  install  a  dedi¬ 
cated  server  on  their  network  called  the 
EMC  Data  Collector  to  gather  data  from 
host  computers,  EMC  Symmetrix  and 
CLARiiON  arrays  and  Celerra  network- 
attached  storage  systems  and  Network 
Appliance  file  servers.  It  also  will  collect 
Unix  and  Windows  NT/2000  performance 
data,  along  with  critical  database  informa¬ 
tion,  and  report  it  via  the  Internet  to  EMC 
Link.net.There  the  information  will  be  ana¬ 
lyzed  and  recommendations  crafted  and 
sent  back  to  the  customer. 

Customers  would  be  able  to  view  root- 
cause  analysis  and  fix  and  prevent  future 
conditions  that  may  affect  their  systems’ 
operation,  according  to  EMC.  That  is 
achieved  by  tracking  system  resources 
such  as  CPU  and  reporting,  capacity  man¬ 
agement  and  online  trending. 

Analysts  say  that  whereas  before  cus¬ 
tomers  might  have  been  satisfied  with  EMC 
engineers  controlling  their  systems,  they 
now  are  asking  for  proactive  management 
capabilities.  ■ 


Something  old,  something  new 

HP  OpenView  introduces  some  new  products 
and  upgrades  some  old  favorites. 


What’s  new 

Feature 

Transaction 

Analyzer 

Manages  applications  and  transactions  across 
network,  databases  and  servers  by  monitoring 
traffic  among  them. 

Smart  Plug  In 
for  WebMethods 

Correlates  business  processes  stored  in  a 
WebMethods  server  with  network  performance 
data  collected  by  HP  OpenView  management 
software. 

Network  Node 
Manager  6.31 

Reduces  network  management  event  streams 
by  up  to  45%,  enabling  faster  root-cause  analysis. 

Data  Protector 
5.0  (formerly 
Omniback) 

Performs  tape  or  disk  mirroring  when  backing 
up  data,  enabling  faster  recovery  speeds. 

Service  Desk  4.5 

Exports  XML  service-level  information  to 
OpenView  Operations  and  OpenView  Internet 
Services  software  to  better  define  and 
measure  network  performance  metrics. 

Hewlett-Packard 

continued  from  page  1 

6.31,  and  Service  Desk,  Release 
4.5,  will  let  users  fix  problems 
faster  by  reducing  false  event 
notices  and  helping  set  service 
levels  respectively  (see  chart). 
The  announcements  will  be 
made  at  HP’s  Software  Forum, 
a  user  conference  that  is  ex¬ 
pected  to  draw  about  1,000  HP 
customers. 

The  products  are  the  first 
OpenView  announcements  since 
HP  and  Compaq  merged,  and 
come  on  the  heels  of  news  that 
HP  will  be  exiting  the  middleware 
business.  Revenue  in  HP’s  soft¬ 
ware  division,  including  Open- 
View  along  with  Netaction  and  e- 
Speak  middleware  technology, 
declined  6%  in  the  second  quar¬ 
ter,  according  to  the  company 

The  company  will  be  leaning 
heavily  on  its  OpenView  software 
to  ensure  the  rest  of  this  year 
becomes  profitable,  says  Rich 
Ptak,  an  analyst  with  Ptak  and 
Associates."  [HP]  may  be  holding 
its  own,  but  it’s  not  growing  in  the 
marketplace  right  nowT  he  says. 
HP  boasts  135,000  OpenView 
installations  worldwide,  in  service 
providers  and  enterprise  net¬ 
works. 

F’aul  Bugala,  senior  analyst  at 
•DC.  says  OpenView  is  still  the  de 
facto  IP  fault  management  mar¬ 
ket  leader  in  managing  distrib¬ 
uted  enterprises,  while  Tivoli  is 
No.  1  in  mainframe-based  man¬ 


agement  tools.  Computer  Asso¬ 
ciates  comes  in  at  No.  5  in  both 
categories. 

Of  the  new  products,  perhaps 
most  interesting  is  Transaction 
Analyzer,  observers  say.  This  soft¬ 
ware  can  help  users  track  the  per¬ 
formance  of  applications  across 
disparate  network  elements  and 
pinpoint  where  bottlenecks  and 
slowdowns  in  service  might 
occur,  the  company  says. 

HP  says  the  software  can  in¬ 
spect  transactions  in  Microsoft 
.Net  and  Java  2  Platform  Enter¬ 
prise  Edition  applications  down 
to  the  component  building 
blocks  and  Enterprise  JavaBeans. 
Transaction  Analyzer  can  “under¬ 
stand  what’s  going  on  inside  an 
applications  server according  to 
Bill  Emmett,  HP  OpenView  senior 
solutions  marketing  manager.  HP 
competitors  Tivoli  Systems  and 
Computer  Associates  also  touted 
the  ability  to  manage  Web  ser¬ 
vices  in  recent  months. 

Transaction  Analyzer  is  software 
installed  on  application  servers 
across  a  network.  The  package 
monitors  traffic  between  applica¬ 
tions.  Transaction  Analyzer  sets  a 
baseline  of  application  perfor¬ 
mance  and  response  time,  help¬ 
ing  network  managers  distinguish 
between  normal  and  abnormal 
application  performance. 

“The  ability  to  monitor,  report 
on  and  control  when  you  get  into 
true  Web-based  applications  is 
what  they’re  all  striving  for,”  Ptak 
says.  Web  services  technology  is 


said  to  help  applications  better 
integrate  and  allow  multiprocess 
requests  be  fulfilled  via  the  Web, 
and  the  ultimate  Web  services 
would  have  applications  dynami¬ 
cally  working  together  over  the 
Internet  for  business-to-business 
commerce. 

But  because  that  goal  of  Web 
services  is  still  “pretty  far  off,”  says 
Jasmine  Noel,  an  analyst  with 
JNoel  Research,  the  value  in 
Transaction  Analyzer  lies  in  how 
the  software  can  monitor  applica¬ 
tions  across  different  domains.  As 
a  diagnostics  tool,  it  will  not  pro¬ 
vide  real-time  management,  but 
Noel  says  it  can  potentially  mini¬ 
mize  troubleshooting  time  and 
help  fix  application-performance 
problems. 

Companies  such  as  Managed 
Objects  and  Tivoli  offer  software 
that  monitor  performance  of  an 
app  from  request  to  service  deliv¬ 
ery  by  tapping  the  databases, 
servers  and  network  devices  the 
application  must  touch  to  deliver 
the  request  to  an  end  user. 

Also  on  tap  is  HP’s  OpenView 
Smart  Plug-In  (SPI)  for  Web- 
Methods  software  that  will  let 
users  track  network  resources  be¬ 
ing  used  by  business  applications. 
SPls  are  software  modules  that  let 
OpenView  monitor  software  from 
third-party  vendors  such  as  data¬ 
bases,  Web  and  application  ser¬ 
vers.  The  SPI  for  WebMethods  will 
correlate  alarms  from  critical 
business  applications  and  report 
them  to  OpenView. 


Industry  watchers  say  some  of 
the  announcements  will  address 
some  of  OpenView  users’  con¬ 
cerns  about  the  platform:  better 
integration  with  third-party  appli¬ 
cations.  HP  and  its  OpenView 
Forum  conducted  an  online  sur¬ 
vey  at  last  year’s  event.  Users  were 
asked  what  they’d  most  like  to  see 
from  the  company  in  the  coming 
year.  Responses  ranged  from  eas¬ 
ing  installation  to  more  network 
and  storage-management  soft¬ 
ware  to  changing  the  pricing 
structure  of  OpenView  products. 

David  Szacik,  senior  network 
manager  at  Freudenberg-NOK  an 


automotive  parts  maker  in  North- 
field,  N.H.,  will  be  heading  to  the 
conference  next  week,  where  he 
hopes  to  hear  more  about  how 
HP  will  be  using  its  TopTools 
hardware  management  software 
acquired  from  Compaq.  He  says 
he’d  also  like  to  hear  more  about 
HP  hardware  such  as  PCs  and 
servers, considering  he  was  in  the 
process  of  rolling  out  about  90 
servers  when  the  Compaq  acqui¬ 
sition  became  final. 

“We’re  backing  off  on  the  rollout 
to  try  to  determine  if  it’d  be  better 
for  us  to  go  with  Compaq  hard¬ 
ware  or  elsewhere,”  he  says.  ■ 
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Vulnerable 

continued  from  page  1 

such  as  Windows  NT  and  2000,  Linux  and  Unix. 
All  of  the  products  have  standard  IP  stacks, 
which  make  them  susceptible  to  denial-of-ser- 
vice  or  hacker  attacks.  Many  IP  PBXs  also  include 
Web-based  administration  clients  or  configura¬ 
tion  tools  built  on  Microsoft  Internet  Information 
Server  (ISS)  and  Apache  Web  server  —  platforms 
that  are  constantly  being  patched  for  security 
holes  and  bugs. 

With  these  phone  systems  now  connected  to  the 
same  LANs  and  WANs  as  end  users  and  even  the 
public  data  networks,  experts  say  IP  telephony 
users  must  be  on  guard. 

“With  an  IP  PBX.  you're  dealing  with  a  server, and 
it’s  just  as  vulnerable  as  any  other  computer  on 
your  network.”  says  Mike  Homer,  manager  of  lab 
testing  at  Miercom.an  independent  IT  testing  and 
consulting  firm  and  a  member  of  the  Network 
World  Global  Testing  Alliance. 

“The  idea  of  viruses  or  hacking  might  be  totally 
new  to  you  if  you’re  coming  from  theTDM  world  to 
IP  telephony  Homer  says.  But  security  has  always 
been  an  issue  in  the  telecom  world,  he  adds,  citing 
old  problems  such  as  toll  fraud  and  other  system 
misuse. “Those  types  of  things  still  exist  in  the  TDM 
world.  It’s  just  that  IP  tele¬ 
phony  is  new  and  sexy, so 
hacking  from  that  stand¬ 
point  is  more  attractive, 
and  is  more  likely  to  hap¬ 
pen  than  someone  hack¬ 
ing  a  TDM  system.” 

If  a  company  manages 
its  IP  PBX  with  the  same 
due  diligence  as  any 
other  secure  or  mission- 
critical  application  — 

“such  as  a  human 
resources  application,  or 
a  server  with  all  your  cus¬ 
tomers’  credit  card  infor¬ 
mation  —  it’s  not  a  prob¬ 
lem,"  Homer  says. 

On  the  IP  PBX  front  line 

St.  Paul,  Minn.,  chemical 
manufacturer  H.B.  Fuller 
last  year  installed  three 
redundant  clusters  of 
Cisco’s  Windows-based  CallManager  IP  PBXs  to 
provide  IP  phone  connectivity  to  20  remote  sites 
over  its  VPN.  By  running  voice  over  its  data  net¬ 
work,  the  company  was  able  to  eliminate  12  PBXs 
scattered  around  the  network  and  manage  voice 
from  a  centralized  location.  While  this  provides 
better  management  and  cost  savings,  security  of 
the  IP  PBXs  was  a  concern, says  Kevin  Wetzel,  man¬ 
ager  of  global  network  services  for  the  company. 

“On  traditional  PBXs,  although  they  had  PC 
processors  in  them,  they  were  not  necessarily  as 
susceptible  to  viruses,”Wetzel  says.“People  are  writ¬ 
ing  NT  viruses,  not  PBX  viruses, so  it’s  a  trade-off.” 

Wetzel  monitors  his  clusters  of  Cisco  telephony 
servers  with  intrusion-detection  software  —  he 
declined  to  say  what  kind  —  and  is  vigilant  about 
keening  up  with  patches  to  the  CallManager’s 
operating  system,  which  includes  Microsoft  IIS  as 
an  administration  tool.  The  centralized  manage¬ 
ment  of  the  Cisco  CallManager 
dusters  also  provides  a  level  of 
security  of  its  own.  he  adds. 


“We’ve  been  able  to  reduce  the  number  of  PBXs, 
and  that  reduced  number  of  machines  can  make 
for  better  security”  he  says.  “We  can  maintain  the 
systems  in  a  more  uniform  fashion  than  we  could 
before." 

For  Compass  Bank,  a  regional  bank  with  400 
branches  in  eight  states  throughout  the  South  and 
Southwest,  a  mix  of  IP  and  TDM  telephony  is  used 
to  serve  20  of  its  offices.The  bank  deployed  Nortel 
Business  Communication  Manager  (BCM)  plat¬ 
forms  to  its  branch  offices,  and  connects  those 
small-office  IP  PBXs  to  a  group  of  Nortel  Meridian 
TDM  phone  switches  over  a  private  frame  relay 
network. 

Although  the  BCMs  are  based  on  NT,  security  is 
less  of  an  issue  because  IP  is  only  being  used  to 
replace  tie  lines, says  Rick  Nelson, the  bank’s  group 
operations  manager  and  senior  vice  president. The 
network  is  closed  to  the  outside  world,  so  viruses 
and  external  attacks  are  not  issues  for  the  VoIP  sys¬ 
tem,  Nelson  says.  That  the  telecom  network  is  still 
TDM  at  the  core  also  is  an  advantage,  he  says. 

“Security  would  keep  me  awake  at  night  if  I  had 
a  server-based  system  at  the  heart”  of  the  voice 
network,  Nelson  says.  “My  son  can  hack  into 
those  types  of  machines,  and  he’s  1 1. That’s  what’s 
keeping  me  from  making  the  leap  to  an  all-IP 
telephone  network.” 

While  Nelson  says 
an  all-IP  telephone 
infrastructure  — 
from  server-based 
PBXs  to  IP  phones  — 
is  inevitable,  he  will 
wait  another  12  to 
24  months  before 
considering  a  full¬ 
blown  IP  voice 
implementation. 

The  County  of 
Nevada,  Calif.,  decid¬ 
ed  to  take  the  all-IP 
plunge,  replacing  its 
discontinued 
Siemens  Saturn 
phone  switch  with 
several  3Com  NBX 
systems.  The  IP  PBXs 
support  around  900 
users  in  30  county 
offices,  and  are  con¬ 


IP  telephony  vendors  and  customers 
recommend  these  steps  to  manage  the 
security  of  voice  over  a  data  network. 

• 

Separate  IP  PBXs  on  the  LAN  by  putting 
the  devices  in  different  domains  from  other 

servers. 

• 

Isolate  voice  traffic  onto  a  virtual  LAN. 

• 

Limit  administration  access  to  IP  PBXs 
among  IT  staff,  allowing  only  a  few  to  have 
access  to  the  core  operating  system  on  a 
VoIP  server. 

• 

Limit  the  types  of  protocols  that  can  touch 
the  IP  PBX  or  IP  telephony  network  when 
possible. 

• 

Encrypt  voice  traffic  where  possible.  Do 
not  send  IP  voice  over  an  unmanaged  or 
public  network. 

-■ 

nected  via  T-l  lines. 
The  fact  that  the  NBX  boxes  are  sitting  on  the  same 
data  network  as  any  other  server  does  not  concern 
Gary  Sprigs,  network  services  manager  for  the 
county. 

Sprigs  says  the  Web-based  administration  tool 
makes  the  NBX  system  easy  to  access  for  config¬ 
uring  phone  extensions  and  to  configure  the 
box. 

“We  have  a  process  where  we  regularly  change 
the  passwords,”  on  the  administration  interface. 
Sprigs  says.The  NBX  also  has  the  ability  to  create 
an  audit  trail  of  who  accessed  the  device,  what 
was  done,  and  the  IP  address  of  the  user  who 
accessed  the  system. 

He  says  the  NBX  devices  also  are  kept  behind 
firewalls,  which  lessens  the  chance  of  unautho¬ 
rized  system  usage  or  abuse. 

“We  treat  the  [NBX  boxes]  with  the  same  level 
of  protection  as  our  most  critical  server,”  Sprigs 

Get  more  information  online.  says.  “It’s  something  we  didn’t 
DocFinder:  9947  have  to  worry  about  on  the  old 
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level  server  line  with 
the  two  and  4  -proces¬ 
sor  V480,  formerly 
known  as  Cherry¬ 
stone,  and  the  addition 
of  faster  processors  to 
its  eight-way  V880  sys¬ 
tem. The  V480  is  a  rack- 
mount  system  that  is 
5U  (8.75  inches)  high, 
comes  with  4G  bytes 
of  memory  and  two 
36G-byte  disks,  and 
starts  at  less  than 
$23,000.  The  box  uses 
Sun’s  900-MHz  Ultra¬ 
SPARC  III  processors, 
which  are  also  avail¬ 
able  now  on  the  V880, 
which  previously  was 
sold  with  750-MHz 
chips.  Sun  is  position¬ 
ing  the  V480  to  run 
application  server  soft¬ 
ware,  among  other  programs. 

•  HP  unleashed  its  top-of-the-line  NonStop  server,  a  product  inher¬ 
ited  through  its  recent  acquisition  of  Compaq.  The  NonStop 
S86000  offers  more  than  one  and  a  half  times  the  performance  of 
previous  NonStop  S-series  machines,  HP  says.  The  machine  fea¬ 
tures  the  MIPS  R 14000  microprocessor,  8M  bytes  of  cache,  the 
option  of  1G,2G,4G  or  16G  bytes  of  memory  per  processor  and  a 
new  high-speed  disk  drive.  A  user  can  aggregate  as  many  as  4,000 
processors  in  one  system. 

The  NonStop  software  suite,  which  includes  a  Java  Virtual 
Machine,  a  J2EE  enterprise  application  server  and  a  NonStop  SQL 
database,  has  also  been  enhanced. The  database,  for  example,  now 
offers  publish  and  subscribe  functionality,  which  allows  users  to 
monitor  their  data  and  automatically  update  the  database.The 
machines  start  at  $1  million,  but  can  cost  several  million  dollars 
depending  on  configuration. 


Hewlett-Packard  says  the  S86000,  which  can  fea¬ 
ture  up  to  4,000  MIPS  processors,  is  its  highest 
performance  NonStop  server. 
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Gambling  with  our  rights 


“ALBANY,  N.  Y—  Citibank,  the 
nation  s  largest  credit  card  issuer,  has 
agreed  to  block  all  online  gambling 
transactions  that  use  its  credit  cards, 
the  state  attorney  general  said  Friday. 
The  agreement  announced  by  the 
bank  and  Attorney  General  Eliot 
Spitzer  is  expected  to  significantly  reduce  illegal, 
underage  and  potentially  addictive  Internet  gambling, 
Spitzer  said.  It  applies  to  all  Internet  gambling  trans¬ 
actions,  not  just  those  in  New  York.  Americans  now 
waste  $4  billion  a  year  on  this  pernicious  form  of 
gambling! Spitzer  said!' 

—  (AP)  06/14/2002 

Hmm.Can  you  guess  the  glaring  inconsistency 
here?  Yep,  they  want  to  stop  online  gambling  but 
they  think  the  New  York  State  Lottery  —  another  per¬ 
nicious  form  of  gambling  —  is  OK.  And  the  Lottery 
had  revenue  last  year  of  $4.67  billion! 

When  1  spoke  to  the  Lottery’s  press  office  they  said 
the  Lottery  is  different  because  profits  fund  educa¬ 
tion  C$1.56  billion  last  year  —  that’s  about  5%  of 
New  York’s  education  budget!). 

As  I  explored  the  facts  and  figures  concerning  the 
Lottery,  I  discovered  an  interesting  item  in  its  Fre¬ 
quently  Asked  Questions  section:“Can  I  buy  New 
York  Lottery  tickets  over  the  Internet?” 


The  answer:“No.”I  placed  a  half  dozen  calls  to  vari¬ 
ous  arms  of  the  New  York  state  government  but  no 
luck,  no  one  could  explain  why  it  is  not  allowed. 

The  news  item  above  went  on  to  quote  a  Citibank 
spokeswoman  as  saying: “Citibank  agreed  to  take 
these  steps  to  help  alleviate  concerns  raised  by  the 
attorney  general  about  the  impact  that  gambling  on 
credit  may  have  on  New  York  residents.”  Citibank 
also  agreed  to  pay  $400,000  to  nonprofit  groups  that 
counsel  and  help  families  hurt  by  gambling  addic¬ 
tions,  the  company  said. 

Hmm, “concerns  raised  by  the  attorney  general.” So 
Spitzer  feels  something  needs  to  be  done  to  protect 
those  misguided  knuckleheads  who  don’t  under¬ 
stand  the  crushingly  obvious  fact  that  casinos  on-  or 
off-line  aren’t  in  the  gambling  business  for  the  sheer 
pleasure  of  it.  But  the  state  lottery  is  different. 

Don’t  you  get  the  sense  that  behind  the  mealy 
mouthed  altruism  there  lies  a  quagmire  of  grubby 
politics?  Why  would  Citibank  cough  up  $400,000 
when  it  has  done  nothing  wrong? 

And  the  thing  that  amuses  me  is  the  use  of  the 
Internet  as  a  pawn  in  the  game.  Let’s  be  clear  about 
this:  the  problem  of  gambling  addiction  is  not 
caused  by  the  Internet  any  more  than  it  is  by 
Atlantic  City  or  Las  Vegas.  But  do  we  hear  any  rally¬ 
ing  cries  to  curb  those  cities?  Nope. 

The  fact  that  Citibank  has  apparently  caved  in 


under  what  I  assume  to  be  significant  political  pres¬ 
sure  is  yet  another  blow  to  the  foundations  of  your 
personal  freedoms. 

What  next?  Will  we  see  the  banks  blocking  online 
credit  card  transactions  with  known  adult  sites? 
How  far  from  that  to  the  enforced  blocking  of  politi¬ 
cally  suspicious  sites  and  the  mandatory  monitoring 
and  oversight  of  all  online  financial  transactions? 
And  why  not  block  credit  card  transactions  with 
McDonalds  —  after  all,  gambling  on  credit  might 
bankrupt  you,  but  fast  food  will  kill  you. 

There  are  lots  of  parties  representing  vested  inter¬ 
ests  that  want  to  keep  the  Internet  from  evolving  in 
certain  ways.The  two  major  axes  of  those  interests 
are  political  power  and  money  and  one  of  the  points 
where  the  axes  intersect  is  gambling. 

If  the  motives  that  drove  Citibank’s  decision  were  as 
pure  as  those  proffered  by  Spitzer  we  would  applaud 
a  bold,  effective  social  policy  that  should  help  many 
people  who  can’t  help  themselves.  But  the  stink  of 
political  maneuvering  is  hard  to  blow  away 

“Other  companies,  including  Bank  of  America, 
MBNA  and  Chase  Manhattan  Bank, also  have  begun 
blocking  the  gambling  transactions,” Spitzer  says. 

That  sound  you  hear  is  the  howl  of  anguish  as  your 
rights  rush  towards  the  horizon  with  their  butts  on 
fire. 

Write  on  to  backspin@gibbs.com. 
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by  Paul  McNamara 

What  else  shouldn't  we  believe  about  eBay? 

By  now  you  may  know  that  Pierre  Omidyar  didn't 
really  launch  eBay  to  help  his  girlfriend  collect  PEZ 
dispensers,  even  though  that  charming  anecdote 
has  been  recounted  by  the  press  only  .slightly  less 
often  than  Alexander  Graham  Bell's  entreaty  toHS/lr. 
Watson. 

The  debunking  of  the  PEZ  myth  received  a  lot  of  ink 
last  week,  although  much  of  it  was  curiously  missing  any  sense  that  the  myth  mak¬ 
ers  did  anything  wrong. . . .  Seems  as  though  that’s  an  oversight  worth  correcting. 

According  to  a  new  book  titled  The  Perfect  Store  by  Adam  Cohen,  the  PEZ  fib 
was  invented  by  Mary  Lou  Song,  eBay's  first  public  relations  manager  and  its  third 
employee.  She  resorted  to  the  fabrication  reportedly  because  she  was  having  a 
hard  time  generating  interest  in  the  company.  Omidyar  agreed  to  go  along  with  the 
ruse,  accounts  of  which  found  its  way  into  countless  stories  about  the  Internet’s 
most  successful  auction  site. 

Omidyar  acknowledged  to  the  author  that  the  PEZ  story  had  been  “romanticized." 
And  last  week  an  eBay  spokesman  told  the  Associated  Press  it  had  been  “slightly 
blown  out  of  proportion." 

Of  course,  you  might  also  call  it  a  lie,  but  that  word  is  so  harsh. 

“Deal  with  others  the  way  you  would  have  them  deal  with  you,"  Omidyar  wrote  to 
the  fledgling  eBay  user  community  in  February  1996  when  he  was  drumming  up  sup¬ 
port  for  the  site's  vaunted  Feedback  Forum  and  code  of  ethics. 

In  other  words,  if  you  want  to  be  trusted,  be  trustworthy. 

That  was  sound  advice,  whether  Omidyar  always  lived  it  or  not. 

He  loves  Netscape  7.0,  but . . . 

Sometimes  the  right  hand  doesn't  know  that  the  left  hand  went  out  and  whipped 


up  a  fresh  batch  of  code. 

Witness  this  observation  from  James  Gaskin,  a  member  of  the  Network  World 
Global  Test  Alliance  who  (outside  of  that  role)  recently  put  Netscape's  newest 
browser  through  its  paces. 

“Being  a  Netscape  fan,  I  downloaded  the  Netscape  7.0  code  and  liked  it  enough  to 
make  it  my  primary  browser,”  Gaskin  says.  "So  far,  the  only  site  I've  tried  that 
chokes  on  the  new  code  is  AOL  Anywhere's  main  screen  right  after  login." 

“Does  that  make  any  sense  at  all?"  Gaskin  asks. 

Nope. 

“Could  anyone  at  AOL  possibly  talk  to  anyone  at  Netscape?" 

You  might  think  so,  given  that  they  are  one  and  the  same  corporate  entity,  thanks 
to  AOL’s  purchase  of  Netscape  for  more  than  $160  billion  in  late  1999. 

Glitches  happen,  of  course,  and  it  would  be  a  mistake  to  read  too  much  into  this 
one.  However,  this  type  of  thing  does  seem  all  the  more  common  in  an  age  where 
business  barons  slap  merger  deals  together  with  bankers  and  lawyers,  paying  little 
heed  to  how  the  parts  are  going  to  fit  later  on. 

More  proof  the  rich  aren't  like  the  rest  of  us 

Get  a  load  of  this  subject  line  on  an  e-mail  sent  to  gauge  my  interest  in  a  recent 
e-commerce  study  by  Jupiter  Media  Metrix:  "Affluent  Shoppers  Will  Spend  The 
Most  Online." 

Do  tell. . . .  What  might  possibly  account  for  such  a  phenomenon? 

Might  a  disproportionate  percentage  of  the  rich  have  broadband  in  their  homes 
and  thus  face  fewer  obstacles  than  the  hoi  polloi  when  shopping  the  ’Net? 

Might  more  of  the  wealthy  have  high-powered  jobs  that  leave  them  tied  to  their 
desks  past  closing  time  at  the  malls  and  thus  no  option  but  to  shop  online? 

Or  —  and  I  realize  this  is  a  stretch  —  could  it  have  something  to  do  with  the  fact 
that  affluent  have  more  money  than  the  rest  of  us? 

Rich  and  poor  alike  should  direct  comments  to  buzz@nww.com. 


THE  STRAIGHT  GOODS  ON  APPLICATION  SERVERS 
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"AN  APP  SERVER  IS  ALL 
YOUR  e-BUSINESS  NEEDS." 

Pure  delusion.  True,  an  app  server 
can  be  thought  of  as  the  integration 
engine  driving  your  e-Business. 

But,  it's  still  just  one  component  of  your 
e-Business.  And  just  one.  Let’s  not  forget 
the  development  tools,  the  adapters, 
DBMS  solutions,  wireless  servers  and  a 
host  of  other  components.  And  here's 
the  crunch:  the  ability 
to  integrate  them. 

Anything  less  simply 
won't  carry  you  into 
the  future.  Sybase 
provides  all  these 
components.  Of  course, 

EAServer  runs  as  the 
integration  engine 
unifying  these 
components  into 
your  company's 
infrastructure. 

"WE’RE  MORE 
J2EE  THAN  THE 
OTHER  GUYS.” 

We  hear  this  one  a 
lot.  We  assure  you  it 
is  complete  nonsense. 

You're  J2EE  compatible 
or  you're  not.  It's  not  a 
sliding  scale.  It's  simply 
either/or.  Yes  or  no.  It's 
an  utterly  and  totally 
binary  situation. 

For  the  record,  EAServer 
is  J2EE  compatible.  In 
fact,  we  were  among 
the  very  first  application 
servers  to  be  certified. 

We  also  support  C  and 

C++,  COM,  CORBA,  and 

of  course,  our  own  PowerBuilder. 

You  won't  find  more  comprehensive 
support  for  the  leading  technologies 
and  applications  most  prevalent  in 
e-Business  today. 

"CLUSTERING  WORKS  BUT  ONLY 
IN  ONE  PLACE  AT  A  TIME.” 

Any  true  24x7  e-Business  depends 
upon  availability.  And  the  most  certain 
way  to  ensure  availability  is  with 
clustering.  Now,  some  say  you  can  only 
effectively  cluster  in  one  place  at  a 


time.  Smart  thinking  until  an  unexpected 
power  outage  brings  down  your  call 
center's  data  systems.  Others  say  you 
can  cluster,  but  only  one  operating 
system  at  a  time.  Which  means  you  can 
never  throw  an  NT  box  into  a  Unix 
cluster  or  vice  versa.  We  beg  to  differ 
on  both  counts.  EAServer  lets  you  cluster 
any  way  your  e-Business  demands. 
Even  if  that  involves  the  clustering  of 
two  different  operating  systems  in  two 
different  geographical  locations. 


"IT'S  OUR  WAY 
OR  THE  HIGHWAY." 

This  is  usually  couched  in  somewhat 
softer  terms.  Something  like  this: 
"Let's  start  fresh.  Get  rid 
of  everything  you've  got. 

Make  the  switchover 
to  our  stuff.  And 
welcome  to  the 
New  World." 

What  this  always 
translates  into  is  one 
great,  ugly  and  brutish 
migration  nightmare. 


SYBASE  e-BUSINESS  SOFTWARE. 
BECAUSE  EVERYTHING  WORKS  BETTER  WHEN 


Avoiding  the  horror  of  this  is  one  of 
the  very  best  arguments  in  favor  of 
Sybase  EAServer. 

Not  only  do  we  guarantee  that  we 
will  make  all  of  your  systems  work 
together,  we'll  show  you  how  you  can 
migrate  to  your  new  technologies 
without  disrupting  your  current 
information  systems.  Or  your  business. 
Absolutely  no  pain.  Lots  of  gain. 

“OUR  BENCHMARKS 
MIRROR  YOUR 
REALITY." 

What  happens  in  a 
carefully  set-up  study  to 
prove  a  marketing  claim 
is  the  marketing  claim 
gets  proven.  It’s  not 
rocket  science. 

We  do  benchmarks,  too. 
We  just  got  some  back 
that  say  our  application 
server  is  faster  than  the 
best-selling  app  server 
in  the  business-to- 
consumer  market.  Surely, 
real-world  performance 
measurements,  not 
contrived  marketing 
benchmarks,  are  more 
important  to  running 
your  real-world 
business.  Let’s  talk. 

GET  THE 
WHOLE  TRUTH. 
OR  AT  LEAST 
OUR  SIDE  OF 
THE  STORY. 

We  believe  EAServer 
deserves  your  full 
consideration.  We 
won't  stretch  or  distort  facts  to 
convince  you  of  our  viewpoint.  But 
we  would  like  to  give  you  all  the 
arguments  in  favor  of  our  case. 

Visit  www.sybase.com/truth.  Or  you 
can  call  1  -800-8-SYBASE.  And  thanks 
for  letting  us  clear  the  air. 


I Sybase 

nformation  Anywhere™ 
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EVERYTHING  WORKS  TOGETHER!" 
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YOU'RE  PROTECTED  AGAINST  HACKERS,  VIRUSES  AND  WORMS. 

BUT  WHAT  ABOUT  ROSE  IN  BENEFITS? 


eTrust'  Security  Solutions 

Complete  protection  for  your  entire  enterprise. 


When  it  comes  to  protecting  your  business,  you  need  security  that  can  protect  your 
enterprise  from  potential  threats,  no  matter  where  they  may  come  from.  That's  exactly 
what  eTrust  does.  Our  family  of  products  allows  you  to  not  only  safeguard  your  entire 
enterprise,  but  also  view  and  manage  that  security  either  centrally  or  from  multiple 
delegated  locations.  So  you  can  continue  to  grow  and  maximize  new  opportunities 
while  minimizing  your  risk.  And  that's  security  you  can  feel  secure  about. 
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